
nginx secure file

a guest
Mar 9th, 2015
  1. # Common configuration for all servers
  2.  
  3. server_tokens        off;
  4.  
  5. # SSL Configuration
  6. ssl_certificate           /etc/nginx/ssl/server.com-chain.crt;
  7. ssl_certificate_key       /etc/nginx/ssl/server.com.key;
  8. ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
  9. # ciphers from https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
  10. ssl_ciphers               ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
  11. ssl_prefer_server_ciphers on;
  12. ssl_session_cache         shared:SSL:10m;
  13. ssl_session_timeout       10m;
  14. ssl_stapling              on;
  15. ssl_stapling_verify       on;
  16. ssl_trusted_certificate   /etc/nginx/ssl/server.com-stapling.crt;
  17. resolver                  8.8.4.4 8.8.8.8 valid=300s;
  18. resolver_timeout          10s;
  19.  
  20. # Other security options
  21. add_header X-Frame-Options SAMEORIGIN;
  22.  
  23. # Main server
  24. server {
  25.     listen               443 deferred ssl spdy;
  26.     server_name          server.com;
  27.  
  28.     # Security options
  29.     add_header Strict-Transport-Security max-age=315360000;
  30.     add_header Public-Key-Pins 'pin-sha256="u1rziz25+GNKpcA3a5r5R4jbeDfMuHMiZk494HaLuYI="; pin-sha256="GBkmBjY5vf3Ah5nrlpoJXxFzt6pzLYmUlvJySAf3CGM="; max-age=315360000';
  31.    
  32.     ...
  33. }
  34.  
  35. # http://site.com : redirect to https://site.com
  36. server {
  37.     listen        80;
  38.     server_name   site.com;
  39.     return        301 https://$server_name$request_uri;
  40. }
  41.  
  42. # http(s)://www.site.com : redirect to https://site.com
  43. server {
  44.     listen        80;
  45.     listen        443 ssl;
  46.     server_name   site.com;
  47.     return        301 https://site.com$request_uri;
  48. }