Skip to content

Instantly share code, notes, and snippets.

Last active Jan 9, 2020
What would you like to do?
Nginx SSL/TLS + LetsEncrypt Configuration For "A+" Qualys SSL Labs Rating
server {
listen 80 default_server;
listen [::]:80 default_server;
rewrite ^ https://$host$request_uri? permanent;
server {
listen 443 ssl default_server http2;
listen [::]:443 ssl default_server http2;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
# Generated with:
# openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:TLS:2m;
ssl_stapling on;
ssl_stapling_verify on;
resolver; #
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
root /home/www;
index index.php index.html;
location / {
try_files $uri $uri/ =404;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
location ~ /\.ht {
deny all;
error_page 401 403 404 /;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment