Instantly share code, notes, and snippets.

@davidlyness /ssl.conf Secret
Created Jun 19, 2016

Embed
What would you like to do?
add_header Strict-Transport-Security 'max-age=31536000; includeSubdomains';
add_header Public-Key-Pins 'in-sha256="mydbKl1oEnhbxisMQ3y5paY6SRoDDM+4upWXWFnr9Jc="; pin-sha256="zPUygNcQjYbLtlLmFkPCg8a42wS71dglMCqomlSj4lM="; max-age=15768000; includeSubDomains';
ssl_certificate signed-cert-bundle.crt;
ssl_certificate_key davidlyness.com.pem;
ssl_dhparam dhparam.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate unified-cert-bundle.crt;
resolver 8.8.8.8 8.8.4.4;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment