Skip to content

Instantly share code, notes, and snippets.

Created Nov 14, 2018
What would you like to do?
server {
listen 443 ssl;
ssl_certificate /path/to/ssl/fullchain.pem;
ssl_certificate_key /path/to/ssl/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparam-4096.pem;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 21h;
ssl_session_tickets on;
ssl_buffer_size 4k;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
location / {
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header Connection "";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment