@quangthe
Forked from timcheadle/server.conf
Last active April 3, 2022 14:32
SSL nginx config example
server {
    listen 80;
    server_name www.example.com example.com;

    # Redirect all traffic to SSL
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl default_server;

    # Enables TLS 1.2 and 1.3 only. SSLv2, SSLv3 (POODLE) and TLS 1.0/1.1
    # (deprecated by RFC 8996) are weak and should no longer be used.
    # NOTE: disable this directive locally when using a self-signed certificate
    ssl_protocols TLSv1.2 TLSv1.3;

    # Disables weak ciphers: anonymous, NULL, low-strength, export, RC4 and MD5 suites
    # NOTE: disable this directive locally when using a self-signed certificate
    ssl_ciphers HIGH:!aNULL:!eNULL:!LOW:!EXP:!RC4:!MD5;

    server_name www.example.com example.com;

    ## Access and error logs.
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log info;

    ## Keep alive timeout set to a greater value for SSL/TLS.
    ## See the keepalive_timeout directive in nginx.conf.
    keepalive_timeout 75 75;

    ## Server certificate and key. TLS is enabled by the "ssl" parameter of
    ## the listen directive above; the old "ssl on;" directive is deprecated.
    ssl_certificate /etc/ssl/certs/example.com-rapidssl.crt;
    ssl_certificate_key /etc/ssl/private/example.com-rapidssl.key;
    ssl_session_timeout 5m;

    ## Strict Transport Security header for enhanced security. See
    ## http://www.chromium.org/sts. I've set it to 2 hours; set it to
    ## whichever age you want.
    add_header Strict-Transport-Security "max-age=7200";

    root /var/www/example.com/;
    index index.php;
}
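An added check, not part of the original gist: a small Python audit that flags weak TLS settings of the kind the config comments above deal with (legacy protocols, weak cipher-string tokens, the deprecated `ssl on`, a short HSTS lifetime). The sample input is constructed, and the 180-day HSTS threshold and the function names are assumptions of this example.

```python
import re

# Protocols that should not appear in ssl_protocols (SSLv3: POODLE; TLS 1.0/1.1: RFC 8996).
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Cipher-string tokens that pull in weak suites when they are not negated.
WEAK_CIPHER_TOKENS = ("RC4", "MEDIUM", "LOW", "EXP", "NULL", "MD5", "DES", "ALL")
MIN_HSTS_SECONDS = 15552000  # 180 days; assumed policy threshold for this example

# Constructed sample input: legacy directives of the kind this audit targets.
SAMPLE = """
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
ssl on;
add_header Strict-Transport-Security "max-age=7200";
"""

def directives(conf):
    """Yield (name, args) for each simple 'name args;' directive, skipping comments."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([a-z_]+)\s+(.*?);$", line)
        if m:
            yield m.group(1), m.group(2)

def audit(conf):
    """Return a list of findings for weak TLS settings in an nginx config string."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            weak = sorted(WEAK_PROTOCOLS & set(args.split()))
            if weak:
                findings.append("weak protocols: " + " ".join(weak))
        elif name == "ssl_ciphers":
            for token in args.strip("\"'").split(":"):
                if token.startswith(("!", "-", "+")):
                    continue  # "!" and "-" remove suites, a leading "+" only reorders
                if any(w in token.upper() for w in WEAK_CIPHER_TOKENS):
                    findings.append("weak cipher token: " + token)
        elif name == "ssl" and args == "on":
            findings.append("deprecated 'ssl on'; use 'listen ... ssl'")
        elif name == "add_header" and "Strict-Transport-Security" in args:
            m = re.search(r"max-age=(\d+)", args)
            if m and int(m.group(1)) < MIN_HSTS_SECONDS:
                findings.append("short HSTS max-age: " + m.group(1))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The parser only handles one-line directives, which is enough for configs laid out like the ones on this page; it does not follow `include` files.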

quangthe commented Apr 2, 2022

https://www.learnbestcoding.com/post/17/ssl-https-with-nginx

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    ssl_certificate /etc/nginx/certs/ssl_certificate.crt;
    ssl_certificate_key /etc/nginx/certs/ssl_certificate.key;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com;
    ssl_certificate /etc/nginx/certs/ssl_certificate.crt;
    ssl_certificate_key /etc/nginx/certs/ssl_certificate.key;
    location / {
        proxy_pass http://127.0.0.1:3000/;
    }
}
