SSL best practices for nginx

2017-04-04 18:43:21 -07:00 · 2017-04-04 18:43:21 -07:00 · fa7b74cf51
commit fa7b74cf51
parent ccb6a658fd
1 changed files with 12 additions and 0 deletions
--- a/docs/Running-Mastodon/Production-guide.md
+++ b/docs/Running-Mastodon/Production-guide.md
@ -11,10 +11,22 @@ map $http_upgrade $connection_upgrade {
  ''      close;
 }

+server {
+  listen 80;
+  listen [::]:80;
+  server_name example.com;
+  return 301 https://$host$request_uri;
+}
+
 server {
  listen 443 ssl;
  server_name example.com;

+  ssl_protocols TLSv1.2;
+  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+  ssl_prefer_server_ciphers on;
+  ssl_session_cache shared:SSL:10m;
+
  ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;