mirror of https://github.com/keeweb/keeweb.git
36 lines
1017 B
Plaintext
36 lines
1017 B
Plaintext
server {
|
|
listen 443 ssl;
|
|
root /keeweb;
|
|
index index.html;
|
|
server_name localhost;
|
|
ssl_certificate /etc/nginx/external/cert.pem;
|
|
ssl_certificate_key /etc/nginx/external/key.pem;
|
|
|
|
server_tokens off;
|
|
add_header X-Content-Type-Options nosniff;
|
|
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
|
|
|
|
# https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/
|
|
# http://www.howtoforge.com/ssl-perfect-forward-secrecy-in-nginx-webserver
|
|
|
|
ssl_dhparam /etc/nginx/external/dh.pem;
|
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # disable poodle
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
|
|
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
location ~ /\. {
|
|
deny all;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
server_name _;
|
|
return 301 https://$host$request_uri;
|
|
}
|