Diffstat (limited to 'nginx/nginx.conf')
-rw-r--r--nginx/nginx.conf23
1 files changed, 20 insertions, 3 deletions
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 336c8d2..e3f92c9 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -25,23 +25,40 @@ http {
 	}
 
 	proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=pcache:32m max_size=20g;
+
+	# mozilla ssl settings via https://ssl-config.mozilla.org/
+
+	ssl_session_timeout 1d;
 	ssl_session_cache shared:SSL:10m;
+	ssl_session_tickets off;
+
+	ssl_protocols TLSv1.3;
+	ssl_prefer_server_ciphers off;
 
-	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_stapling on;
 	ssl_stapling_verify on;
-	ssl_prefer_server_ciphers on;
-
 	resolver 127.0.0.53;
 
 	# dummy host
 	server {
 		listen 443 quic reuseport default_server;
+		listen [::]:443 quic reuseport default_server;
 		listen 443 ssl reuseport default_server;
+		listen [::]:443 ssl reuseport default_server;
 		server_name _;
 		ssl_certificate /etc/tls/mia.jetzt.crt;
 		ssl_certificate_key /etc/tls/mia.jetzt.key;
 	}
 
+	# https redirect
+	server {
+		listen 80 default_server;
+		listen [::]:80 default_server;
+		server_name _;
+		location / {
+			return 301 https://$host$request_uri;
+		}
+	}
+
 	%SERVERS%
 }
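Review bot: The new port-80 catch-all builds its `Location` header from `$host`, which nginx takes from the client's request line or Host header, so with `server_name _` and `default_server` any hostname a client sends is reflected into the 301. If only the served names should be redirected, list them in `server_name` on the redirect block and let the default answer `return 444;`, or redirect to one fixed canonical name instead of `$host`. Separately, the Mozilla generator output referenced in the comment normally pairs these TLS settings with a `Strict-Transport-Security` header; none is visible here, so confirm that the vhosts substituted for `%SERVERS%` set it, since without it a client's first plain-HTTP request still depends on this redirect. The enclosing `http {` block opens outside the hunk.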