Commit | Line | Data |
---|---|---|
# Plain-HTTP virtual host. Every request that reaches it is answered with a
# permanent (301) redirect to the same URI on the HTTPS site.
server {
    listen 80;
    server_name SERVERNAME_TOKEN;

    # Shared MediaGoblin settings; the file's contents are not shown here.
    include /etc/nginx/mediagoblin-common.conf;

    ## redirect http to https ##
    # The target host is the configured $server_name, not the Host header the
    # client sent, so the redirect destination cannot be steered by the request.
    # $request_uri already carries the original query string.
    return 301 https://$server_name$request_uri;

    # NOTE(review): these are the same "-ssl" log files the port 443 server
    # writes to, so plain-HTTP and HTTPS requests end up mixed in one log.
    # Confirm that is intended before relying on these logs for triage.
    access_log /var/log/nginx/SERVERNAME_TOKEN-ssl.access.log;
    error_log /var/log/nginx/SERVERNAME_TOKEN-ssl.error.log;
}
13 | ||
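# HTTPS virtual host for the MediaGoblin site.
server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which has
    # been deprecated since nginx 1.15.0 and was removed in later releases.
    listen 443 ssl;

    # NOTE(review): this block sets no server_name, unlike the port 80 block.
    # It only answers for SERVERNAME_TOKEN if it is the default server on 443;
    # confirm, or add "server_name SERVERNAME_TOKEN;".

    # Shared MediaGoblin settings; the file's contents are not shown here.
    include /etc/nginx/mediagoblin-common.conf;

    access_log /var/log/nginx/SERVERNAME_TOKEN-ssl.access.log;
    error_log /var/log/nginx/SERVERNAME_TOKEN-ssl.error.log;

    ## Use a SSL/TLS cache for SSL session resume.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    ssl_certificate /etc/letsencrypt/live/SERVERNAME_TOKEN/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/SERVERNAME_TOKEN/privkey.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
    # Add TLSv1.3 here once the installed nginx and OpenSSL both support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Forward-secret AEAD suites only. The previous list also offered 3DES
    # (DES-CBC3-SHA; "!DES" excludes single DES only, not 3DES), static-RSA key
    # exchange without forward secrecy, CBC-mode suites and the HIGH catch-all.
    # ECDSA variants are listed so an ECDSA certificate keeps working.
    # The DHE-RSA entries are only negotiated when ssl_dhparam is configured;
    # nginx 1.11.0 and later ship no default DH parameters.
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256";

    # NOTE(review): no Strict-Transport-Security header is set in this block.
    # Check whether mediagoblin-common.conf adds one; without it a browser
    # still makes its first request over plain HTTP on every visit.
}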