Skip to content

Instantly share code, notes, and snippets.

@fdv

fdv/sslvhost.conf

Created October 15, 2014 15:16
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save fdv/7a380d88d43d0c6a9d48 to your computer and use it in GitHub Desktop.
Save fdv/7a380d88d43d0c6a9d48 to your computer and use it in GitHub Desktop.
Download ZIP
nginx SSL configuration for a A / A+ on ssl labs (depends on your key using SHA1 or not)
Raw
sslvhost.conf
# nginx SSL configuration for a A / A+ on ssl labs (depends on your key using SHA1 or not)
ssl on;
ssl_certificate /usr/local/etc/nginx/ssl/cert.pem;
ssl_certificate_key /usr/local/etc/nginx/ssl/key.key;
ssl_dhparam /usr/local/etc/nginx/ssl/dh4096.pem;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
add_header Strict-Transport-Security max-age=535680000;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment