authormia <mia@mia.jetzt>2024-07-22 09:43:54 -0700
committermia <mia@mia.jetzt>2024-07-22 09:43:54 -0700
commit66a6fcd862cbb4b4505fab2bcd1d0b6a4ae06535 (patch)
tree9eb1852b5bf0606a7a5dcc1dc19ab0d092433192 /nginx/nginx.conf
parent809608c7ef4801f80adbd0ae07301e39c11e3951 (diff)
modernize
switch to mozilla's ssl settings
add https redirect
fix ipv6 support
Diffstat (limited to 'nginx/nginx.conf')
-rw-r--r--nginx/nginx.conf23
1 files changed, 20 insertions, 3 deletions
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 336c8d2..e3f92c9 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -25,23 +25,40 @@ http {
 	}
 
 	proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=pcache:32m max_size=20g;
+
+	# mozilla ssl settings via https://ssl-config.mozilla.org/
+
+	ssl_session_timeout 1d;
 	ssl_session_cache shared:SSL:10m;
+	ssl_session_tickets off;
+
+	ssl_protocols TLSv1.3;
+	ssl_prefer_server_ciphers off;
 
-	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_stapling on;
 	ssl_stapling_verify on;
-	ssl_prefer_server_ciphers on;
-
 	resolver 127.0.0.53;
 
 	# dummy host
 	server {
 		listen 443 quic reuseport default_server;
+		listen [::]:443 quic reuseport default_server;
 		listen 443 ssl reuseport default_server;
+		listen [::]:443 ssl reuseport default_server;
 		server_name _;
 		ssl_certificate /etc/tls/mia.jetzt.crt;
 		ssl_certificate_key /etc/tls/mia.jetzt.key;
 	}
 
+	# https redirect
+	server {
+		listen 80 default_server;
+		listen [::]:80 default_server;
+		server_name _;
+		location / {
+			return 301 https://$host$request_uri;
+		}
+	}
+
 	%SERVERS%
 }
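Review bot: The new port-80 redirect server (`return 301 https://$host$request_uri;`) is not paired with any HSTS header in this hunk, so each client's first plain-HTTP request stays open to a downgrade on every visit. The Mozilla generator output this commit cites also emits `add_header Strict-Transport-Security "max-age=63072000" always;`. If the per-site blocks substituted for `%SERVERS%` do not already set it, add it at `http` level, keeping in mind that nginx drops inherited `add_header` directives in any server or location that declares its own. Separately, `$host` in this catch-all is taken from the client's request, so the redirect echoes whatever hostname was sent; that is probably acceptable here, but a comment saying so, or redirecting only names the site actually serves, would make the intent explicit. The enclosing `http {` block opens above the hunk, so existing header directives there are not visible.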