@mediaupstream
Last active June 9, 2017 19:38
vhost-thing.conf
server {
    #
    # Depending on your version of nginx you can use http/2 for all
    # requests. This will speed things up for sure!
    #
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/nginx/cert/northernspark.com.certchain.crt;
    ssl_certificate_key /etc/nginx/cert/northernspark.com.key;
    #
    # Share the connection between subsequent requests;
    # will probably speed things up
    #
    keepalive_timeout 70;
    #
    # Shared session cache between worker processes;
    # this should speed up requests a bit
    #
    ssl_session_cache shared:SSL:32m;
    ssl_session_timeout 60m;
    ssl_buffer_size 8k;
    #
    # Define the order that ciphers are used, optimized to
    # use the AES cipher first if it's available. This
    # might speed up requests a bit
    #
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
    #
    # Don't use SSL; force TLS instead.
    # This will speed things up a tiny bit.
    # Note: TLSv1 and TLSv1.1 have since been deprecated (RFC 8996).
    #
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #
    # OCSP stapling will def. speed things up.
    # You might need to read a tutorial on setting this up,
    # but the basic config is below
    # (you'll need to create the trustchain.crt first):
    #
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/cert/trustchain.crt;
    resolver 8.8.8.8 8.8.4.4;
    #
    # Rest of your regular config goes here:
    # ...
}
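
An added example, not part of the gist: a small Python check that reads the directives above and flags protocol versions that have since been deprecated, plus the directives that `ssl_stapling` and `ssl_stapling_verify` depend on. The sample config is a constructed reduction of the vhost, and `directives` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: the TLS directives from the vhost above, reduced to the
# lines these checks read.
SAMPLE = """
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/cert/trustchain.crt;
    resolver 8.8.8.8 8.8.4.4;
}
"""

# Prohibited or deprecated by RFC 6176, RFC 7568 and RFC 8996.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directives(conf):
    """Map directive name -> list of argument lists (assumes no quoted '#', ';' or braces)."""
    found = {}
    text = re.sub(r"#[^\n]*", "", conf)        # strip comments
    for stmt in re.split(r"[;{}]", text):      # a statement ends at ';', '{' or '}'
        parts = stmt.split()
        if parts:
            found.setdefault(parts[0], []).append(parts[1:])
    return found

def audit(conf):
    """Return findings for the protocol list and the OCSP stapling dependencies."""
    d = directives(conf)
    on = lambda name: ["on"] in d.get(name, [])
    findings = []
    for args in d.get("ssl_protocols", []):
        old = sorted(DEPRECATED & set(args))
        if old:
            findings.append("ssl_protocols enables deprecated " + " ".join(old))
    if on("ssl_stapling") and "resolver" not in d:
        findings.append("ssl_stapling on but no resolver to look up the OCSP responder")
    if on("ssl_stapling_verify") and "ssl_trusted_certificate" not in d:
        findings.append("ssl_stapling_verify on but no ssl_trusted_certificate chain")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only the text passed in is checked, so a `resolver` inherited from the enclosing `http` block would be reported as missing.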
@mediaupstream
Author

If your version of nginx doesn't support http/2, try to use spdy:

listen 443 deferred ssl spdy;
