Line 1: |
Line 1: |
| Below is a SSL configuration for the nginx web server version 1.17.0, using OpenSSL version 1.1.1. This configuration file was generated by the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator.] | | Below is a SSL configuration for the nginx web server version 1.17.0, using OpenSSL version 1.1.1. This configuration file was generated by the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator.] |
| <pre> | | <pre> |
| + | |
| + | |
| # generated 2019-09-09, https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&openssl-version=1.1.1 | | # generated 2019-09-09, https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate&openssl-version=1.1.1 |
| server { | | server { |
− | listen 80 default_server; | + | |
− | listen [::]:80 default_server; | + | listen 80 default_server; |
| + | |
| + | listen [::]:80 default_server; |
| | | |
| # redirect all HTTP requests to HTTPS with a 301 Moved Permanently response. | | # redirect all HTTP requests to HTTPS with a 301 Moved Permanently response. |
| return 301 https://$host$request_uri; | | return 301 https://$host$request_uri; |
| + | |
| } | | } |
| | | |
| server { | | server { |
− | listen 443 ssl http2;
| + | |
− | listen [::]:443 ssl http2; | + | listen 443 ssl http2; |
| + | |
| + | listen [::]:443 ssl http2; |
| | | |
| # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate | | # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate |
Line 26: |
Line 33: |
| # intermediate configuration | | # intermediate configuration |
| ssl_protocols TLSv1.2 TLSv1.3; | | ssl_protocols TLSv1.2 TLSv1.3; |
− | ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA- | + | ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; |
− | AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
| |
| ssl_prefer_server_ciphers off; | | ssl_prefer_server_ciphers off; |
− | | + | |
| # HSTS (ngx_http_headers_module is required) (63072000 seconds) | | # HSTS (ngx_http_headers_module is required) (63072000 seconds) |
| add_header Strict-Transport-Security "max-age=63072000" always; | | add_header Strict-Transport-Security "max-age=63072000" always; |
Line 42: |
Line 48: |
| # replace with the IP address of your resolver | | # replace with the IP address of your resolver |
| resolver 127.0.0.1; | | resolver 127.0.0.1; |
| + | |
| } | | } |