ahmetozer · April 21, 2020 10:17
diff --git a/nginx.conf b/nginx.conf
 server {
    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;

    server_name yourdomain;

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 8.8.8.8 valid=300s;
    resolver_timeout 5s;
    # To enable HSTS uncommend below line
    #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; # HSTS
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    
    location / {
      proxy_pass http://your-local-or-remore-http-server.com:80;
    }
 }
	server {
	listen 443 http2 ssl;
	listen [::]:443 http2 ssl;

	server_name yourdomain;

	ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
	ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
	ssl_dhparam /etc/ssl/certs/dhparam.pem;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
	ssl_ecdh_curve secp384r1;
	ssl_session_cache shared:SSL:10m;
	ssl_session_tickets off;
	ssl_stapling on;
	ssl_stapling_verify on;
	resolver 1.1.1.1 8.8.8.8 valid=300s;
	resolver_timeout 5s;
	# To enable HSTS uncommend below line
	#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; # HSTS
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;

	location / {
	proxy_pass http://your-local-or-remore-http-server.com:80;
	}
	}