SSL best practices for nginx

remotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
Jason Snell 2017-04-04 18:43:21 -07:00
parent ccb6a658fd
commit fa7b74cf51
1 changed files with 12 additions and 0 deletions

View File

@ -11,10 +11,22 @@ map $http_upgrade $connection_upgrade {
'' close; '' close;
} }
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://$host$request_uri;
}
server { server {
listen 443 ssl; listen 443 ssl;
server_name example.com; server_name example.com;
ssl_protocols TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;