Untitled

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name hoy.co.uk www.hoy.co.uk;

        ssl on;

        # lets encrypt certificates
        ssl_certificate      /etc/letsencrypt/live/hoy.co.uk/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/hoy.co.uk/privkey.pem;

        #SSL Optimization
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:20m;
        ssl_session_tickets off;

        # modern configuration
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AE$

        # OCSP stapling
        ssl_stapling on;
        ssl_stapling_verify on;

        # verify chain of trust of OCSP response
        ssl_trusted_certificate /etc/letsencrypt/live/hoy.co.uk/chain.pem;
        #root directory and logfiles
        root /srv/users/serverpilot/apps/hoy/public;

        access_log /srv/users/serverpilot/log/hoy/hoy_nginx.access.log main;
        error_log /srv/users/serverpilot/log/hoy/hoy_nginx.error.log;

        #proxyset
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto $scheme;

        #includes
        include /etc/nginx.sp/vhosts.d/hoy.d/*.nonssl_conf;
        include /etc/nginx.sp/vhosts.d/hoy.d/*.conf;
}