@cdpb
Created February 20, 2016 14:03
SSL / DH
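# Generate a self-signed certificate and an unencrypted 2048-bit RSA key (valid for 365 days)
openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
# Generate 4096-bit Diffie-Hellman parameters (this can take several minutes)
openssl dhparam -out dhparam.pem 4096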
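# nginx TLS settings; the files generated above must be placed in /etc/nginx/ssl/
ssl_certificate /etc/nginx/ssl/domain.crt;
ssl_certificate_key /etc/nginx/ssl/domain.key;
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require it
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Ephemeral (EC)DH key exchange only, AES-GCM suites listed first
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# Must name the file written by the "openssl dhparam" command (dhparam.pem)
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Do not emit the nginx version in the Server header and error pages
server_tokens off;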
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000";
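A small lint for the settings above, added here as an example (it is not part of the original gist): it flags deprecated versions in `ssl_protocols`, certificate, key and DH paths whose filename matches no file the `openssl` commands produced, and missing response headers. The function names, the expected-header baseline and the sample config (constructed, with a deliberately mismatched `ssl_dhparam` filename) are assumptions.

```python
import re

# Protocol versions that should no longer be enabled
# (TLSv1 and TLSv1.1 were deprecated by RFC 8996).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Headers this gist sets; used here as the expected baseline (assumption).
EXPECTED_HEADERS = ("X-Frame-Options", "X-Content-Type-Options",
                    "Strict-Transport-Security")
FILE_DIRECTIVES = ("ssl_certificate", "ssl_certificate_key", "ssl_dhparam")

def parse_directives(conf):
    """Map directive name -> list of argument strings (one-line directives only)."""
    found = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"(\w+)\s+(.*);$", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2).strip())
    return found

def audit(conf, generated_files):
    """Return a list of findings for the TLS directives in conf."""
    d = parse_directives(conf)
    findings = []
    enabled = set(" ".join(d.get("ssl_protocols", [])).split())
    for proto in sorted(enabled & DEPRECATED):
        findings.append(f"ssl_protocols enables deprecated {proto}")
    for name in FILE_DIRECTIVES:
        for path in d.get(name, []):
            base = path.rsplit("/", 1)[-1]        # compare filenames only
            if base not in generated_files:
                findings.append(f"{name} references {base}, which was not generated")
    sent = {a.split()[0] for a in d.get("add_header", []) if a}
    for header in EXPECTED_HEADERS:
        if header not in sent:
            findings.append(f"missing add_header {header}")
    return findings

# Constructed sample input, modelled on the directives in this gist.
SAMPLE = """\
ssl_certificate /etc/nginx/ssl/domain.crt;
ssl_certificate_key /etc/nginx/ssl/domain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;  # filename differs from generated file
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
"""
GENERATED = {"domain.crt", "domain.key", "dhparam.pem"}
```

`audit(SAMPLE, GENERATED)` returns one finding per problem; an empty list means the checked directives are consistent with the generated files and the header baseline.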