-
-
Save xXPhenomXx/4a14283d1aff0a5556bf405d44ee60b0 to your computer and use it in GitHub Desktop.
SSL nginx config example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 80; | |
| server_name www.example.com example.com; | |
| # Redirect all traffic to SSL | |
| rewrite ^ https://$server_name$request_uri? permanent; | |
| } | |
| server { | |
| listen 443 ssl default_server; | |
| # enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used. | |
| ssl_protocols SSLv3 TLSv1; | |
| # disables all weak ciphers | |
| ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM; | |
| server_name www.example.com example.com; | |
| ## Access and error logs. | |
| access_log /var/log/nginx/access.log; | |
| error_log /var/log/nginx/error.log info; | |
| ## Keep alive timeout set to a greater value for SSL/TLS. | |
| keepalive_timeout 75 75; | |
| ## See the keepalive_timeout directive in nginx.conf. | |
| ## Server certificate and key. | |
| ssl on; | |
| ssl_certificate /etc/ssl/certs/example.com-rapidssl.crt; | |
| ssl_certificate_key /etc/ssl/private/example.com-rapidssl.key; | |
| ssl_session_timeout 5m; | |
| ## Strict Transport Security header for enhanced security. See | |
| ## http://www.chromium.org/sts. I've set it to 2 hours; set it to | |
| ## whichever age you want. | |
| add_header Strict-Transport-Security "max-age=7200"; | |
| root /var/www/example.com/; | |
| index index.php; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment