Changes

58 bytes removed , 12:20, 4 February 2020

no edit summary

Line 1: Line 1:

Below is a SSL configuration for the nginx web server version 1.17.0, using OpenSSL version 1.1.1. This configuration file was generated by the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator.]

<pre>

+

# generated 2019-09-09, https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&openssl-version=1.1.1

server {

−

listen 80 default_server;

+

−

listen [::]:80 default_server;

+

listen 80 default_server;

+

listen [::]:80 default_server;

# redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.

return 301 https://$host$request_uri;

+

}

server {

−

listen 443 ssl http2;

+

−

listen [::]:443 ssl http2;

+

listen 443 ssl http2;

+

listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate

Line 26: Line 33:

# intermediate configuration

ssl_protocols TLSv1.2 TLSv1.3;

−

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384~~:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305~~:DHE-RSA-

+

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

−

AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

ssl_prefer_server_ciphers off;

−

+

# HSTS (ngx_http_headers_module is required) (63072000 seconds)

add_header Strict-Transport-Security "max-age=63072000" always;

Line 42: Line 48:

# replace with the IP address of your resolver

resolver 127.0.0.1;

+

}

Greggory.elton

802

edits

Changes

Nginx 1.17.0 - OpenSSL 1.1.1 (view source)

Revision as of 12:20, 4 February 2020