Skip to content
Snippets Groups Projects
Commit fa7b74cf authored by Jason Snell's avatar Jason Snell
Browse files

SSL best practices for nginx

parent ccb6a658
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
docs/Running-Mastodon/Production-guide.md
+ 12
0
View file @ fa7b74cf
......@@ -11,10 +11,22 @@ map $http_upgrade $connection_upgrade {
'' close;
}
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl_protocols TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment