|
|
@ -1,5 +1,6 @@
|
|
|
|
server {
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
listen 80;
|
|
|
|
|
|
|
|
listen [::]:80;
|
|
|
|
|
|
|
|
|
|
|
|
rewrite ^(.*)$ https://$host$1 permanent;
|
|
|
|
rewrite ^(.*)$ https://$host$1 permanent;
|
|
|
|
|
|
|
|
|
|
|
@ -8,6 +9,7 @@ server {
|
|
|
|
|
|
|
|
|
|
|
|
server {
|
|
|
|
server {
|
|
|
|
listen 443 ssl http2;
|
|
|
|
listen 443 ssl http2;
|
|
|
|
|
|
|
|
listen [::]:443 ssl http2;
|
|
|
|
|
|
|
|
|
|
|
|
add_header X-Xss-Protection 1;
|
|
|
|
add_header X-Xss-Protection 1;
|
|
|
|
add_header X-Frame-Options DENY;
|
|
|
|
add_header X-Frame-Options DENY;
|
|
|
@ -15,8 +17,9 @@ server {
|
|
|
|
|
|
|
|
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
|
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
|
|
|
ssl_session_cache shared:SSL:1m;
|
|
|
|
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
|
|
|
|
ssl_session_timeout 10m;
|
|
|
|
|
|
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
|
|
|
|
|
|
|
|
|
ssl_certificate /etc/nginx/conf.crt/dc3.site/fullchain.pem;
|
|
|
|
ssl_certificate /etc/nginx/conf.crt/dc3.site/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/nginx/conf.crt/dc3.site/privkey.pem;
|
|
|
|
ssl_certificate_key /etc/nginx/conf.crt/dc3.site/privkey.pem;
|
|
|
|