
Last active May 29, 2022
Containerised NGINX config for HTTPS with HTTP/2 with Let's Encrypt certificates.
# Used on nginx/1.15.5
# see:
# Oldest compatible clients: Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, and Java 8
server {
    listen 80 default_server;
    root /application/public/;

    # allow access to /.well-known through HTTP
    location /.well-known {
        try_files $uri $uri/ =404;
    }

    # redirect all other requests to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    # Listen to HTTPS on 443 and allow HTTP/2
    listen 443 ssl http2 default;

    # Path to the chain and privkey (Let's Encrypt)
    ssl_certificate /certs/fullchain.pem;
    ssl_certificate_key /certs/privkey.pem;

    # Improve HTTPS performance with session resumption
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Enable server-side protection against BEAST attacks
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Diffie-Hellman parameter for DHE ciphersuites
    # $ openssl dhparam -out dhparam.pem 4096
    ssl_dhparam /certs/dhparam.pem;

    # Enable OCSP stapling (
    # uses Google DNS servers
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /certs/fullchain.pem;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # Logging in a container
    access_log /dev/stdout;
    error_log stderr error;
    error_log /dev/stdout info;

    root /application/public/;
    index index.html index.htm;
    charset utf-8;

    # TODO: Compression, interpreters, websocket proxies, logging, XSS headers, ...
}
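
A post-deploy check for the two TLS properties this config sets (TLSv1.2 only, OCSP stapling on), added here as an example and not part of the original gist. The function names and the two sample outputs are constructed for illustration; HOST is a placeholder for your own server.

```shell
#!/bin/sh
# Classify `openssl s_client -status` output against the config above.
# Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -servername HOST -status </dev/null 2>/dev/null | check_tls

# Print the negotiated protocol from the SSL-Session block, e.g. "TLSv1.2".
negotiated_protocol() {
    awk -F': *' '/^ *Protocol *:/ { print $2; exit }'
}

# Print stapled-good, not-stapled or unknown.
stapling_status() {
    ss_out=$(cat)
    if printf '%s\n' "$ss_out" | grep -q 'OCSP response: no response sent'; then
        echo not-stapled
    elif printf '%s\n' "$ss_out" | grep -q 'OCSP Response Status: successful' &&
         printf '%s\n' "$ss_out" | grep -q 'Cert Status: good'; then
        echo stapled-good
    else
        echo unknown
    fi
}

# Exit 0 only when both properties hold; print a one-line summary either way.
check_tls() {
    ct_out=$(cat)
    ct_proto=$(printf '%s\n' "$ct_out" | negotiated_protocol)
    ct_staple=$(printf '%s\n' "$ct_out" | stapling_status)
    echo "protocol=${ct_proto:-none} stapling=$ct_staple"
    [ "$ct_proto" = "TLSv1.2" ] && [ "$ct_staple" = "stapled-good" ]
}

# Constructed samples (abridged s_client output, not captured from a real host).
SAMPLE_STAPLED='OCSP response:
    OCSP Response Status: successful (0x0)
    Cert Status: good
SSL-Session:
    Protocol  : TLSv1.2'
SAMPLE_COLD='OCSP response: no response sent
SSL-Session:
    Protocol  : TLSv1.2'

printf '%s\n' "$SAMPLE_STAPLED" | check_tls
# nginx fetches the OCSP response lazily, so the first handshakes after a
# start or reload can look like SAMPLE_COLD; retry before treating it as a failure.
printf '%s\n' "$SAMPLE_COLD" | check_tls || echo "no staple yet: retry"
```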