Tuesday, September 26, 2017

Getting an A+ on the SSL Server Test

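Create the snippet /etc/nginx/snippets/ssl.conf:

    # "ssl on;" is deprecated since nginx 1.15.0 and removed in 1.25.1;
    # on those versions use "listen 443 ssl;" in the server block instead.
    ssl on;

    # The DH parameters file must exist before nginx is reloaded.
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_prefer_server_ciphers on;

    # Shared session cache; session tickets are disabled.
    ssl_session_cache shared:TLS:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # TLS 1.2 only; NULL, RC4 and 3DES (DES-CBC3-SHA) suites are excluded.
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4:!DES-CBC3-SHA";

    ssl_ecdh_curve secp384r1;

    # OCSP stapling; verification uses ssl_trusted_certificate from the server block.
    ssl_stapling on;
    ssl_stapling_verify on;

    # Resolver used for OCSP responder lookups.
    resolver 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844] valid=300s;

    # HSTS for one year, including subdomains.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
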
All that remains is to include it in the server block:

    include /etc/nginx/snippets/ssl.conf;
    ssl_certificate /etc/letsencrypt/live/vyachin.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vyachin.net/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/vyachin.net/fullchain.pem;
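
A small drift check for the snippet above, added here as an example and not part of the original post: it parses an ssl.conf and reports where it no longer matches the settings the post uses. The names `parse_directives`, `audit`, `EXPECTED`, `LEGACY` and `MIN_HSTS_MAX_AGE` are hypothetical, and using the post's max-age as the floor is an assumption.

```python
import re

# Relevant directives copied from the post's ssl.conf (sample input for the check).
POST_SNIPPET = '''
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
ssl_protocols TLSv1.2;
ssl_ciphers "EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4:!DES-CBC3-SHA";
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
'''
EXPECTED = {"ssl_prefer_server_ciphers": "on", "ssl_session_tickets": "off",
            "ssl_stapling": "on", "ssl_stapling_verify": "on"}
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_HSTS_MAX_AGE = 31536000  # assumption: the post's own value is used as the floor

def parse_directives(text):
    """Map directive name -> argument list for one-line 'name args;' directives."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (assumes no '#' in values)
        if not line.endswith(";"):
            continue
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line[:-1])]
        if not tokens:
            continue
        name, args = tokens[0], tokens[1:]
        if name == "add_header" and args:  # key response headers by header name
            name, args = "add_header:" + args[0].lower(), args[1:]
        found[name] = args
    return found

def audit(text):
    """Return a list of findings; an empty list means the snippet matches the post."""
    conf = parse_directives(text)
    first = lambda name: (conf.get(name) or [""])[0]
    findings = [f"{k} should be {v}" for k, v in EXPECTED.items() if conf.get(k) != [v]]
    protocols = set(conf.get("ssl_protocols", []))
    if not protocols or protocols & LEGACY:
        findings.append("ssl_protocols unset or allows legacy: " + ",".join(sorted(protocols & LEGACY)))
    if "!RC4" not in first("ssl_ciphers").split(":"):
        findings.append("ssl_ciphers does not exclude RC4")
    age = re.search(r"max-age=(\d+)", first("add_header:strict-transport-security"))
    if not age or int(age.group(1)) < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age missing or below floor")
    return findings

if __name__ == "__main__":
    weak = POST_SNIPPET.replace("TLSv1.2", "TLSv1 TLSv1.2").replace("tickets off", "tickets on")
    print(audit(POST_SNIPPET), audit(weak))
```

The parser handles only single-line directives, which is all the snippet contains.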
