lighttpd letsencrypt ssl conf
Combine the key and certificate into ssl.pem

sudo su (login as root)
cd /etc/letsencrypt/live/yourdomain
cat privkey.pem cert.pem > ssl.pem

Forward Secrecy & Diffie-Hellman Ephemeral Parameters

cd /etc/ssl/certs
openssl dhparam -out dhparam.pem 4096

Copy and paste the following into /etc/lighttpd/lighttpd.conf (don't forget to change yourdomain to your domain),
or put it into /etc/lighttpd/conf-enabled as letsencrypt.yourdomain.conf

$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    # ssl.pem is the combined private key + certificate built above
    ssl.pemfile = "/etc/letsencrypt/live/yourdomain/ssl.pem"
    ssl.ca-file = "/etc/letsencrypt/live/yourdomain/fullchain.pem"
    ssl.dh-file = "/etc/ssl/certs/dhparam.pem"
    ssl.ec-curve = "secp384r1"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-compression = "disable"
    # setenv.add-response-header needs "mod_setenv" in server.modules
    setenv.add-response-header = (
        "Strict-Transport-Security" => "max-age=63072000; includeSubdomains; preload",
        "X-Frame-Options" => "DENY",
        "X-Content-Type-Options" => "nosniff"
    )
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
}
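
The combine step writes the private key into ssl.pem with a plain cat. As an added example (not part of the original gist), this shell function does the same concatenation but checks both inputs first and replaces ssl.pem atomically with mode 0600. build_ssl_pem is a hypothetical helper name, and its argument stands for /etc/letsencrypt/live/yourdomain.

```shell
#!/bin/sh
# Added example: build lighttpd's combined ssl.pem without exposing the key.
# build_ssl_pem is a hypothetical helper; the file names are the gist's own.
# Usage (as root): build_ssl_pem /etc/letsencrypt/live/yourdomain

build_ssl_pem() {
    live_dir=$1
    key="$live_dir/privkey.pem"
    cert="$live_dir/cert.pem"
    out="$live_dir/ssl.pem"

    # Refuse to build from missing or empty inputs.
    for f in "$key" "$cert"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # Catch swapped or wrong files before lighttpd fails on reload.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key block in $key" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "no certificate block in $cert" >&2; return 1; }

    # Subshell so the tightened umask does not leak into the caller.
    (
        umask 077                            # nothing here is group/world readable
        tmp=$(mktemp "$out.XXXXXX") || exit 1
        # Same order as the gist: key first, then certificate.
        # mv within one directory swaps the file in atomically.
        if cat "$key" "$cert" > "$tmp" && mv -f "$tmp" "$out"; then
            exit 0
        fi
        rm -f "$tmp"
        exit 1
    )
}
```

ssl.pem is a copy, so run the function again after each certificate renewal and then restart lighttpd.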