author | Paweł Dybiec <pawel.to.malpa@gmail.com> | 2019-05-23 21:52:18 +0200 |
---|---|---|
committer | Paweł Dybiec <pawel.to.malpa@gmail.com> | 2019-05-23 21:52:18 +0200 |
commit | b5e08314abcc62e0823dd3d30507173d2e45289a (patch) | |
tree | d69485cd5852bec191cf617b59e369aace33416d /compose/nginx/nginx.conf | |
parent | Enable building of services + redis for gitea (diff) |
Set strong cipher and ssl protocols
Diffstat (limited to 'compose/nginx/nginx.conf')
-rw-r--r-- | compose/nginx/nginx.conf | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/compose/nginx/nginx.conf b/compose/nginx/nginx.conf index fc640c2..4e9d7fd 100644 --- a/compose/nginx/nginx.conf +++ b/compose/nginx/nginx.conf @@ -22,6 +22,15 @@ http { ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + ssl_session_cache shared:SSL:50m; + ssl_session_timeout 5m; + + ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384; + + sendfile on; tcp_nopush on; |
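Review bot: The last two entries of `ssl_ciphers`, `ECDHE-ECDSA-AES256-SHA384` and `ECDHE-RSA-AES256-SHA384`, are CBC-mode suites, so a TLS 1.2 client can still negotiate a non-AEAD cipher; dropping them leaves only the GCM and ChaCha20-Poly1305 entries. With nginx linked against OpenSSL 1.1.1, `ssl_ciphers` does not choose the TLS 1.3 suites, which deserves a comment above the directive such as `# TLSv1.2 suites only; TLSv1.3 suites come from the OpenSSL defaults`. The hunk adds a shared session cache but leaves session tickets at their default of on, and ticket keys that are not rotated weaken forward secrecy, so consider `ssl_session_tickets off;` next to `ssl_session_cache`. The `http` block starts and ends outside the hunk, so a tickets setting elsewhere in the file cannot be ruled out.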