aboutsummaryrefslogtreecommitdiff
path: root/packages/crashbox-config/nginx/etc/nginx/conf.d/ssl.conf
diff options
context:
space:
mode:
Diffstat (limited to 'packages/crashbox-config/nginx/etc/nginx/conf.d/ssl.conf')
-rw-r--r--packages/crashbox-config/nginx/etc/nginx/conf.d/ssl.conf15
1 files changed, 15 insertions, 0 deletions
diff --git a/packages/crashbox-config/nginx/etc/nginx/conf.d/ssl.conf b/packages/crashbox-config/nginx/etc/nginx/conf.d/ssl.conf
new file mode 100644
index 0000000..bb96ec7
--- /dev/null
+++ b/packages/crashbox-config/nginx/etc/nginx/conf.d/ssl.conf
@@ -0,0 +1,15 @@
+# The configuration below can be obtained with the Mozilla SSL
+# Configuration Generator at
+# https://mozilla.github.io/server-side-tls/ssl-config-generator/
+
+ssl_certificate /etc/ssl/server.cert.pem;
+ssl_certificate_key /etc/ssl/private/server.key.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:50m;
+ssl_session_tickets off;
+
+ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_trusted_certificate /etc/ssl/issuer.cert.pem;
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-02 19:25:08 +0000