Last active
November 3, 2020 14:39
-
-
Save vladdancer/436684b9ba10651513e6505b1f903b4e to your computer and use it in GitHub Desktop.
NGINX https config for a single domain with PHP app on Debian 10 using Letsencrypt certificate
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 443 ssl http2; | |
| server_name example.com; | |
| root /var/www/app; | |
| index index.php index.html index.htm; | |
| ssl on; | |
| ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; | |
| add_header Strict-Transport-Security max-age=15768000; | |
| ssl_session_timeout 5m; | |
| ssl_protocols TLSv1.2 TLSv1.3; | |
| ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-G; | |
| ssl_prefer_server_ciphers on; | |
| ssl_dhparam /etc/ssl/dhparams.pem; | |
| # OCSP Stapling | |
| # fetch OCSP records from URL in ssl_certificate and cache them | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment