cleot · September 4, 2016 14:05
diff --git a/nginx-letsencrypt-vhost.conf b/nginx-letsencrypt-vhost.conf
 server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com *.example.com;
    include global/letsencrypt-redirect.conf;
 }

 server {

    listen 443 ssl http2;
    ssl on;
    listen [::]:443 ssl http2;
    server_name example.com;

    keepalive_timeout 300;

    # Letsencrypt
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    # Cipher
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_dhparam /etc/ssl/private/dhparam.pem;
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # OSCP
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    # Header
    add_header Strict-Transport-Security max-age=63072000; # HSTS
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    fastcgi_param HTTPS on;

    client_header_buffer_size 64k;
    large_client_header_buffers 4 64k;



    location / {
            proxy_pass http://backend;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header Host $host;
            proxy_redirect     off;
    }
 }
	server {
	listen 80;
	listen [::]:80;
	server_name example.com www.example.com *.example.com;
	include global/letsencrypt-redirect.conf;
	}

	server {

	listen 443 ssl http2;
	ssl on;
	listen [::]:443 ssl http2;
	server_name example.com;

	keepalive_timeout 300;

	# Letsencrypt
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
	# Cipher
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
	ssl_dhparam /etc/ssl/private/dhparam.pem;
	ssl_ecdh_curve secp384r1;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;
	# OSCP
	ssl_stapling on;
	ssl_stapling_verify on;
	resolver 8.8.8.8 8.8.4.4 valid=300s;
	resolver_timeout 5s;
	ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
	# Header
	add_header Strict-Transport-Security max-age=63072000; # HSTS
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	fastcgi_param HTTPS on;

	client_header_buffer_size 64k;
	large_client_header_buffers 4 64k;



	location / {
	proxy_pass http://backend;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto https;
	proxy_set_header X-Forwarded-Port 443;
	proxy_set_header Host $host;
	proxy_redirect off;
	}
	}
No results found