NGINX: Set ssl_prefer_server_ciphers to on & remove robot tags.
This commit is contained in:
parent
3f72b76693
commit
283514ef73
1 changed files with 3 additions and 7 deletions
|
@ -4,7 +4,7 @@ include /etc/nginx/modules-enabled/*.conf;
|
||||||
|
|
||||||
events {
|
events {
|
||||||
worker_connections 768;
|
worker_connections 768;
|
||||||
# multi_accept on;
|
multi_accept off;
|
||||||
}
|
}
|
||||||
|
|
||||||
http {
|
http {
|
||||||
|
@ -36,16 +36,12 @@ http {
|
||||||
ssl_certificate_key /etc/letsencrypt/live/viyurz.fr/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/viyurz.fr/privkey.pem;
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem;
|
ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem;
|
||||||
|
|
||||||
# modern configuration
|
|
||||||
# ssl_protocols TLSv1.3;
|
|
||||||
|
|
||||||
# intermediate configuration
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
||||||
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
|
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
|
||||||
ssl_dhparam /etc/nginx/dhparam.txt;
|
ssl_dhparam /etc/nginx/dhparam.txt;
|
||||||
|
|
||||||
ssl_prefer_server_ciphers off;
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
ssl_session_timeout 1d;
|
ssl_session_timeout 1d;
|
||||||
ssl_session_cache shared:MozSSL:10m;
|
ssl_session_cache shared:MozSSL:10m;
|
||||||
|
@ -68,7 +64,7 @@ http {
|
||||||
resolver 185.12.64.12 [a01:4ff:ff00::add:2] [2a01:4ff:ff00::add:1];
|
resolver 185.12.64.12 [a01:4ff:ff00::add:2] [2a01:4ff:ff00::add:1];
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
# add_header X-Robots-Tag "noindex, nofollow" always;
|
||||||
add_header Set-Cookie "Path=/; HttpOnly; Secure";
|
add_header Set-Cookie "Path=/; HttpOnly; Secure";
|
||||||
|
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
|
Loading…
Reference in a new issue