install.fairie/home/dot_local/etc/nginx/snippets/ssl.conf

15 lines
595 B
Text
Raw Normal View History

2023-07-08 23:49:14 -07:00
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+AES;
ssl_ecdh_curve X25519;
ssl_prefer_server_ciphers on;
ssl_stapling off;
ssl_stapling_verify off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 24h;
ssl_session_tickets off;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
keepalive_timeout 300s;
resolver 127.0.0.53 valid=60s;
resolver_timeout 10s;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;