Skip to content

Instantly share code, notes, and snippets.

@timcheadle

timcheadle/server.conf

Last active August 24, 2024 15:21
Show Gist options
  • Save timcheadle/5578330a734534ce1815 to your computer and use it in GitHub Desktop.
Save timcheadle/5578330a734534ce1815 to your computer and use it in GitHub Desktop.
Download ZIP
SSL nginx config example
Raw
server.conf
server {
listen 80;
server_name www.example.com example.com;
# Redirect all traffic to SSL
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 443 ssl default_server;
# enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used.
ssl_protocols SSLv3 TLSv1;
# disables all weak ciphers
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
server_name www.example.com example.com;
## Access and error logs.
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log info;
## Keep alive timeout set to a greater value for SSL/TLS.
keepalive_timeout 75 75;
## See the keepalive_timeout directive in nginx.conf.
## Server certificate and key.
ssl on;
ssl_certificate /etc/ssl/certs/example.com-rapidssl.crt;
ssl_certificate_key /etc/ssl/private/example.com-rapidssl.key;
ssl_session_timeout 5m;
## Strict Transport Security header for enhanced security. See
## http://www.chromium.org/sts. I've set it to 2 hours; set it to
## whichever age you want.
add_header Strict-Transport-Security "max-age=7200";
root /var/www/example.com/;
index index.php;
}
@istiyakamin
Copy link

You did amazing <3 for it

@thebetar
Copy link

thebetar commented Oct 2, 2023

I think changing rewrite ^ https://$server_name$request_uri? permanent; to rewrite ^ https://$host$request_uri? permanent; would make it more robust for typos or something in the server_name

@timcheadle
Copy link
Author

@thebetar you're totally right! I've updated it.

@mukhtarovsarvar
Copy link

image
i have this error

@YadgarovFayzullo
Copy link

image i have this error

Привет. Ты решил эту проблему? Если да то можешь скинуть ssl?

@mukhtarovsarvar
Copy link

image i have this error

Привет. Ты решил эту проблему? Если да то можешь скинуть ssl?

Привет. Нет, у меня было другое решение. Я поставил SSL-сертификат в kerio control

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment