Skip to content

Instantly share code, notes, and snippets.

@shalintj

shalintj/serverpilot-nginx-ssl.conf

Last active June 12, 2017 20:56
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save shalintj/f8b9ef6d0fb203435eb9 to your computer and use it in GitHub Desktop.
Save shalintj/f8b9ef6d0fb203435eb9 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
serverpilot-nginx-ssl.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name yourdomain.com www.yourdomain.com;
ssl on;
# ssl certificates
ssl_certificate /etc/nginx-sp/certs/yourdomain.com/yourdomain_com.crt;
ssl_certificate_key /etc/nginx-sp/certs/yourdomain.com/ssl.key;
#SSL Optimization
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response
ssl_trusted_certificate /etc/nginx-sp/certs/yourdomain.com/yourdomain_com_ca-bundle-ssl-trusted.crt;
#root directory and logfiles
root /srv/users/serverpilot/apps/yourserverpilotappname/public;
access_log /srv/users/serverpilot/log/yourserverpilotappname/yourserverpilotappname_nginx.access.log main;
error_log /srv/users/serverpilot/log/yourserverpilotappname/yourserverpilotappname_nginx.error.log;
#proxyset
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
#includes
include /etc/nginx-sp/vhosts.d/yourserverpilotappname.d/*.nonssl_conf;
include /etc/nginx-sp/vhosts.d/yourserverpilotappname.d/*.conf;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment