summaryrefslogtreecommitdiff
path: root/public/fs/etc/nginx/conf.d/ssl_params
diff options
context:
space:
mode:
authorroot@culturestrings <root@culturestrings>2020-05-18 08:38:41 +0000
committerroot@culturestrings <root@culturestrings>2020-05-18 08:38:41 +0000
commit8f5160bf28a3c4e8e61425ab627ea05dfffd8943 (patch)
tree0d533b624e8a499a98dfd1dc23381aaf2098bdf3 /public/fs/etc/nginx/conf.d/ssl_params
parent0f11a66864ce98a8a9a58af382bd8efbff471f22 (diff)
downloadculturestrings-8f5160bf28a3c4e8e61425ab627ea05dfffd8943.tar.bz2
culturestrings-8f5160bf28a3c4e8e61425ab627ea05dfffd8943.tar.xz
web: added nginx's common configuration files.
Diffstat (limited to 'public/fs/etc/nginx/conf.d/ssl_params')
-rw-r--r--public/fs/etc/nginx/conf.d/ssl_params17
1 files changed, 17 insertions, 0 deletions
diff --git a/public/fs/etc/nginx/conf.d/ssl_params b/public/fs/etc/nginx/conf.d/ssl_params
new file mode 100644
index 0000000..9af9de4
--- /dev/null
+++ b/public/fs/etc/nginx/conf.d/ssl_params
@@ -0,0 +1,17 @@
+ssl_trusted_certificate /home/webroot/letsencrypt/ssl/chain.pem;
+
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_prefer_server_ciphers on;
+
+ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:!aNULL:!eNULL:!EXPORT:!EDH:!CAMELLIA:!3DES:!DES:!MD5:!PSK:!RC4:!RSA;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ecdh_curve X25519:secp384r1;
+
+ssl_session_cache shared:SSL:1m;
+ssl_session_timeout 5m;
+
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";