Created
October 22, 2017 13:13
-
-
Save anonymous/1b77f2bd698c5029c6638689102d322d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 443 ssl; | |
listen [::]:443 ssl ipv6only=on; | |
server_name mlvin.xyz www.mlvin.xyz; | |
root /var/www/html; | |
index index.html index.htm; | |
# add Strict-Transport-Security to prevent man in the middle attacks | |
add_header Strict-Transport-Security "max-age=31536000"; | |
location / { | |
try_files $uri $uri/ /index.html; | |
} | |
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate | |
ssl_certificate /etc/letsencrypt/live/mlvin.xyz/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/mlvin.xyz/privkey.pem; | |
ssl_session_timeout 1d; | |
ssl_session_cache shared:SSL:50m; | |
# intermediate configuration. tweak to your needs. | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:E\ | |
CDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA25\ | |
6:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-A\ | |
ES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3\ | |
-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SH\ | |
A:DES-CBC3-SHA:!DSS'; | |
ssl_prefer_server_ciphers on; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 80 default_server; | |
listen [::]:80 ipv6only=on; | |
server_name mlvin.xyz www.mlvin.xyz; | |
return 302 https://$host$request_uri; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment