diff options
| author | crupest <crupest@outlook.com> | 2024-11-11 01:12:29 +0800 |
|---|---|---|
| committer | Yuqian Yang <crupest@crupest.life> | 2025-01-20 23:24:41 +0800 |
| commit | 90a72d2d7ed4a5eadfe36f62d81f26ca3324e49b (patch) | |
| tree | 0e5241878de3fc7cd36e4e5bcd2eac3ae1b063f6 /templates/nginx/conf.d/ssl.conf.template | |
| parent | 907eff64f175822e1113887a8b547490dadf9687 (diff) | |
| download | crupest-90a72d2d7ed4a5eadfe36f62d81f26ca3324e49b.tar.gz crupest-90a72d2d7ed4a5eadfe36f62d81f26ca3324e49b.tar.bz2 crupest-90a72d2d7ed4a5eadfe36f62d81f26ca3324e49b.zip | |
HALF WORK: 2024.1.20 - 4
Diffstat (limited to 'templates/nginx/conf.d/ssl.conf.template')
| -rw-r--r-- | templates/nginx/conf.d/ssl.conf.template | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/templates/nginx/conf.d/ssl.conf.template b/templates/nginx/conf.d/ssl.conf.template new file mode 100644 index 0000000..54205f1 --- /dev/null +++ b/templates/nginx/conf.d/ssl.conf.template @@ -0,0 +1,17 @@ +# This file contains important security parameters. If you modify this file +# manually, Certbot will be unable to automatically provide future security +# updates. Instead, Certbot will print and log an error message with a path to +# the up-to-date file that you will need to refer to when manually updating +# this file. Contents are based on https://ssl-config.mozilla.org + +ssl_certificate /etc/letsencrypt/live/${CRUPEST_DOMAIN}/fullchain.pem; +ssl_certificate_key /etc/letsencrypt/live/${CRUPEST_DOMAIN}/privkey.pem; + +ssl_session_cache shared:le_nginx_SSL:10m; +ssl_session_timeout 1440m; +ssl_session_tickets off; + +ssl_protocols TLSv1.2 TLSv1.3; +ssl_prefer_server_ciphers off; + +ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; |