diff options
| author | Paweł Dybiec <pawel.to.malpa@gmail.com> | 2019-05-23 21:52:18 +0200 |
|---|---|---|
| committer | Paweł Dybiec <pawel.to.malpa@gmail.com> | 2019-05-23 21:52:18 +0200 |
| commit | b5e08314abcc62e0823dd3d30507173d2e45289a (patch) | |
| tree | d69485cd5852bec191cf617b59e369aace33416d | |
| parent | Enable building of services + redis for gitea (diff) | |
Set strong cipher and ssl protocols
| -rw-r--r-- | compose/nginx/nginx.conf | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/compose/nginx/nginx.conf b/compose/nginx/nginx.conf index fc640c2..4e9d7fd 100644 --- a/compose/nginx/nginx.conf +++ b/compose/nginx/nginx.conf @@ -22,6 +22,15 @@ http { ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 5m; + + ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384; + + sendfile on; tcp_nopush on; |