tamasan238/slack-nginx Secret

## slack-nginx
# generated 2023-02-07, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name [FQDN];

    location /[WORKSPACE-NAME] {
        root   /usr/share/nginx/html;
        index  index.html;
	    auth_basic "This page is protected.";
	    auth_basic_user_file /etc/nginx/.htpasswd;
    }

    access_log /var/log/nginx/[WORKSPACE-NAME].slack.access.log main;

    ssl_certificate /etc/letsencrypt/live/[FQDN]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[FQDN]/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
    ssl_dhparam /etc/nginx/dhparam;

    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    # replace with the IP address of your resolver
    resolver 127.0.0.1;
}
	# generated 2023-02-07, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
	# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name [FQDN];

	location /[WORKSPACE-NAME] {
	root /usr/share/nginx/html;
	index index.html;
	auth_basic "This page is protected.";
	auth_basic_user_file /etc/nginx/.htpasswd;
	}

	access_log /var/log/nginx/[WORKSPACE-NAME].slack.access.log main;

	ssl_certificate /etc/letsencrypt/live/[FQDN]/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/[FQDN]/privkey.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
	ssl_session_tickets off;

	# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
	ssl_dhparam /etc/nginx/dhparam;

	# intermediate configuration
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	ssl_prefer_server_ciphers off;

	# HSTS (ngx_http_headers_module is required) (63072000 seconds)
	add_header Strict-Transport-Security "max-age=63072000" always;

	# OCSP stapling
	ssl_stapling on;
	ssl_stapling_verify on;

	# verify chain of trust of OCSP response using Root CA and Intermediate certs
	# ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

	# replace with the IP address of your resolver
	resolver 127.0.0.1;
	}