.

dc3/nginx/conf.d/default.conf

@@ -1,5 +1,6 @@
 server {
     listen                     80;
+    listen                     [::]:80;
 
     rewrite                    ^(.*)$ https://$host$1 permanent;
 
@@ -8,6 +9,7 @@ server {
 
 server {
     listen                     443 ssl http2;
+    listen                     [::]:443 ssl http2;
 
     add_header                 X-Xss-Protection 1;
     add_header                 X-Frame-Options DENY;
@@ -15,8 +17,9 @@ server {
 
     ssl_prefer_server_ciphers  on;
     ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
-    ssl_dhparam                /etc/ssl/certs/dhparam.pem;
+    ssl_session_cache          shared:SSL:1m;
-    ssl_ciphers                "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
+    ssl_session_timeout        10m;
+    ssl_ciphers                HIGH:!aNULL:!MD5;
 
     ssl_certificate            /etc/nginx/conf.crt/dc3.site/fullchain.pem;
     ssl_certificate_key        /etc/nginx/conf.crt/dc3.site/privkey.pem;

dc3/nginx/nginx.conf

@@ -13,20 +13,21 @@ events {
 http {
     include             /etc/nginx/mime.types;
     default_type        application/octet-stream;
-      
+
     log_format          main  '$remote_addr - $remote_user [$time_local] "$request" '
                               '$status $body_bytes_sent "$http_referer" '
                               '"$http_user_agent" "$http_x_forwarded_for"';
-      
+
     access_log          /var/log/nginx/access.log  main;
-      
+
     gzip                on;
     tcp_nopush          on;
+    tcp_nodelay         on;
     sendfile            on;
-      
+
     keepalive_timeout   65;
-    ssl_session_timeout 10m;        
+    ssl_session_timeout 10m;
     ssl_session_cache   shared:SSL:10m;
-    
+
     include             /etc/nginx/conf.d/*.conf;
 }