pujianto/yourdomain.tld.conf

## yourdomain.tld.conf
server {
  listen 443 ssl http2;
  server_name yourdomain.tld www.yourdomain.tld;

  ssl_certificate /etc/nginx/tls.d/yourdomain.tld.crt;
  ssl_certificate_key /etc/nginx/tls.d/yourdomain.tld.key;
  ssl_session_cache shared:yourdomain:10m;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_session_tickets off;
  ssl_ecdh_curve secp521r1:secp384r1;
  ssl_ciphers EECDH+AESGCM:EECDH+AES256:!CBC;
  #ssl_dhparam /path/to/dhparam.pem;
  ssl_dhparam /path/to/ffdhe409.pem;
  ssl_session_timeout 10m;
  ssl_buffer_size 4k;


  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;


  location / {
    root /usr/share/nginx/html;
    index index.html;
  }

}
	server {
	listen 443 ssl http2;
	server_name yourdomain.tld www.yourdomain.tld;

	ssl_certificate /etc/nginx/tls.d/yourdomain.tld.crt;
	ssl_certificate_key /etc/nginx/tls.d/yourdomain.tld.key;
	ssl_session_cache shared:yourdomain:10m;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;
	ssl_stapling on;
	ssl_stapling_verify on;
	ssl_session_tickets off;
	ssl_ecdh_curve secp521r1:secp384r1;
	ssl_ciphers EECDH+AESGCM:EECDH+AES256:!CBC;
	#ssl_dhparam /path/to/dhparam.pem;
	ssl_dhparam /path/to/ffdhe409.pem;
	ssl_session_timeout 10m;
	ssl_buffer_size 4k;


	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;


	location / {
	root /usr/share/nginx/html;
	index index.html;
	}

	}