diff options
Diffstat (limited to 'public/fs/etc/nginx/conf.d/ssl_params')
| -rw-r--r-- | public/fs/etc/nginx/conf.d/ssl_params | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/public/fs/etc/nginx/conf.d/ssl_params b/public/fs/etc/nginx/conf.d/ssl_params new file mode 100644 index 0000000..9af9de4 --- /dev/null +++ b/public/fs/etc/nginx/conf.d/ssl_params @@ -0,0 +1,17 @@ +ssl_trusted_certificate /home/webroot/letsencrypt/ssl/chain.pem; + +ssl_stapling on; +ssl_stapling_verify on; +ssl_prefer_server_ciphers on; + +ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:!aNULL:!eNULL:!EXPORT:!EDH:!CAMELLIA:!3DES:!DES:!MD5:!PSK:!RC4:!RSA; +ssl_protocols TLSv1.2 TLSv1.3; +ssl_ecdh_curve X25519:secp384r1; + +ssl_session_cache shared:SSL:1m; +ssl_session_timeout 5m; + +add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; +add_header X-Frame-Options DENY; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; |