Guest User

Untitled

a guest
Mar 31st, 2016
107
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. server {
  2. listen 80;
  3. server_name siteadi.com;
  4.  
  5. access_log off;
  6. error_log off;
  7.  
  8. # enforce https
  9. return 301 https://$server_name$request_uri;
  10. }
  11.  
  12. server {
  13. listen 443 ssl http2;
  14. listen [::]:443 ssl http2;
  15.  
  16. ssl_certificate /etc/letsencrypt/live/siteadi.com/fullchain.pem;
  17. ssl_certificate_key /etc/letsencrypt/live/siteadi.com/privkey.pem;
  18. ssl_session_timeout 1d;
  19. ssl_session_cache shared:SSL:10m;
  20. ssl_session_tickets off;
  21.  
  22. # openssl dhparam -out dhparam.pem 2048
  23. ssl_dhparam /etc/nginx/dhparam.pem;
  24.  
  25. ssl_protocols TLSv1.1 TLSv1.2;
  26. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  27. ssl_prefer_server_ciphers on;
  28.  
  29. add_header Strict-Transport-Security max-age=15768000;
  30.  
  31. ##Added once to prevent multiple additions
  32. #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
  33.  
  34.  
  35. ssl_stapling on;
  36. ssl_stapling_verify on;
  37.  
  38. ## verify chain of trust of OCSP response using Root CA and Intermediate certs
  39. #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
  40. ssl_trusted_certificate /etc/letsencrypt/live/siteadi.com/chain.pem;
  41. resolver 8.8.8.8 8.8.4.4 valid=86400;
  42. resolver_timeout 10;
  43.  
  44.  
  45.  
  46. server_name siteadi.com;
  47. .... buralar kendi nginx ayarların artık.
  48.  
  49.  
  50.  
  51. }
RAW Paste Data