nginx 1.17.5, modern config, OpenSSL 1.1.1d

# generated 2019-11-07, https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.5&config=modern&openssl-version=1.1.1d
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    # modern configuration
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    # replace with the IP address of your resolver
    resolver 127.0.0.1;
}
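
An added example, not part of the generated configuration or of Mozilla's tooling: a small Python audit that checks an nginx config against the settings this modern profile relies on (TLSv1.3 only, session tickets off, HSTS max-age of 63072000, OCSP stapling with its trust chain and resolver). It assumes one TLS server block and simple single-line directives; the function names and the DRIFTED sample are constructed for illustration.

```python
import re

# Constructed sample (not from the page): a TLS server block that has drifted
# from the modern profile.
DRIFTED = """
server {
    listen 443 ssl http2;
    ssl_session_tickets on;
    ssl_protocols TLSv1.2 TLSv1.3;   # legacy protocol re-enabled
    add_header Strict-Transport-Security "max-age=300" always;
    ssl_stapling on;
}
"""

def directives(conf):
    """Map each simple 'name args;' directive to the list of its argument strings."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    found = {}
    for name, args in re.findall(r"^\s*([a-z_]+)\s+([^;{}]+);", conf, re.M):
        found.setdefault(name, []).append(args.strip())
    return found

def audit_modern(conf, min_hsts=63072000):
    """Return a list of deviations from the modern profile; empty means compliant."""
    d, findings = directives(conf), []
    if set(" ".join(d.get("ssl_protocols", [])).split()) != {"TLSv1.3"}:
        findings.append("ssl_protocols is not exactly TLSv1.3")
    if d.get("ssl_session_tickets") != ["off"]:  # nginx default is on
        findings.append("ssl_session_tickets is not off")
    hsts = [a for a in d.get("add_header", [])
            if a.lower().startswith("strict-transport-security")]
    age = re.search(r"max-age=(\d+)", " ".join(hsts))
    if not age or int(age.group(1)) < min_hsts:
        findings.append("HSTS missing or max-age too short")
    elif not hsts[0].endswith("always"):
        findings.append("HSTS lacks 'always', so error responses omit it")
    if d.get("ssl_stapling") != ["on"]:
        findings.append("ssl_stapling is not on")
    else:
        # stapling needs verification, a trust chain and a resolver to work
        for name in ("ssl_stapling_verify", "ssl_trusted_certificate", "resolver"):
            if name not in d:
                findings.append("ssl_stapling is on but %s is missing" % name)
    return findings

if __name__ == "__main__":
    for finding in audit_modern(DRIFTED):
        print("FAIL:", finding)
```

Running the audit over the configuration above returns no findings; the drifted sample fails every check.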
