Diffstat (limited to 'nginx')
-rw-r--r--nginx/nginx.conf23
-rw-r--r--nginx/server.conf2
2 files changed, 22 insertions, 3 deletions
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 336c8d2..e3f92c9 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -25,23 +25,40 @@ http {
 	}
 
 	proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=pcache:32m max_size=20g;
+
+	# mozilla ssl settings via https://ssl-config.mozilla.org/
+
+	ssl_session_timeout 1d;
 	ssl_session_cache shared:SSL:10m;
+	ssl_session_tickets off;
+
+	ssl_protocols TLSv1.3;
+	ssl_prefer_server_ciphers off;
 
-	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_stapling on;
 	ssl_stapling_verify on;
-	ssl_prefer_server_ciphers on;
-
 	resolver 127.0.0.53;
 
 	# dummy host
 	server {
 		listen 443 quic reuseport default_server;
+		listen [::]:443 quic reuseport default_server;
 		listen 443 ssl reuseport default_server;
+		listen [::]:443 ssl reuseport default_server;
 		server_name _;
 		ssl_certificate /etc/tls/mia.jetzt.crt;
 		ssl_certificate_key /etc/tls/mia.jetzt.key;
 	}
 
+	# https redirect
+	server {
+		listen 80 default_server;
+		listen [::]:80 default_server;
+		server_name _;
+		location / {
+			return 301 https://$host$request_uri;
+		}
+	}
+
 	%SERVERS%
 }
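Review bot: The new port-80 catch-all builds its `Location` from `$host`, which nginx fills from the request line or `Host` header, so with `server_name _` and `default_server` it echoes back any hostname a client sends, including names this machine does not serve. Consider keeping the redirect only for names that are actually configured and letting the default block answer `return 444;`, or at least record the behaviour with a comment such as `# $host is client-supplied; this block redirects whatever Host it is given`. Separately, the Mozilla generator output referenced in the comment normally includes a `Strict-Transport-Security` header, and none is added in this hunk, so browsers will keep making a first plain-HTTP request that relies on this redirect. That header may already be set in the part of `server.conf` that is not shown here; if not, `add_header Strict-Transport-Security "max-age=63072000" always;` in the TLS server blocks would close that gap.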
diff --git a/nginx/server.conf b/nginx/server.conf
index d4f35f3..31908db 100644
--- a/nginx/server.conf
+++ b/nginx/server.conf
@@ -1,6 +1,8 @@
 server {
 	listen 443 quic;
+	listen [::]:443 quic;
 	listen 443 ssl;
+	listen [::]:443 ssl;
 	server_name %HOST% *.%HOST%;
 	add_header alt-svc 'h3=":443"; ma=86400';
 	ssl_certificate /etc/tls/%HOST%.crt;