Update nginx/nginx.conf
This commit is contained in:
parent
5ad7b578f4
commit
ba87ab0064
1 changed files with 24 additions and 0 deletions
|
|
@ -32,5 +32,29 @@ http {
|
||||||
|
|
||||||
gzip on;
|
gzip on;
|
||||||
|
|
||||||
|
# modern configuration
|
||||||
|
ssl_protocols TLSv1.3;
|
||||||
|
ssl_ecdh_curve X25519:prime256v1:secp384r1;
|
||||||
|
ssl_prefer_server_ciphers off;
|
||||||
|
|
||||||
|
# OCSP stapling
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
|
||||||
|
# replace with the IP address of your resolver;
|
||||||
|
# async 'resolver' is important for proper operation of OCSP stapling
|
||||||
|
resolver 2001:4860:4860::8888 2001:4860:4860::8844;
|
||||||
|
|
||||||
|
# If certificates are marked OCSP Must-Staple, consider managing the
|
||||||
|
# OCSP stapling cache with an external script, e.g. certbot-ocsp-fetcher
|
||||||
|
|
||||||
|
# HTTPS redirect
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue