mirror/Arsse
1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2025-01-11 02:12:40 +00:00
Code Issues Activity
Arsse/dist/docker/default/nginx/ssl.conf

33 lines
No EOL
1 KiB
Text
Raw Blame History

listen 443 ssl;
listen [::]:443 ssl;
http2 on;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets on;
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dhparam /config/nginx/dhparams.pem;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;
ssl_certificate /config/keys/fullchain.cer;
ssl_certificate_key /config/keys/cert.key;
ssl_trusted_certificate /config/keys/cert.cer;
# Automatic HTTPS redirection
uninitialized_variable_warn off;
if ($https = "on") {
set $tls_redir off;
}
if ($tls_redir = "") {
set $tls_redir on;
}
if ($tls_redir = "on") {
rewrite ^ https://$host$request_uri;
}
View git blame Copy permalink