Masterchoc

Untitled

Jun 16th, 2019
  1. # Redirection http vers https
  2. server {
  3.     listen 80;
  4.     listen [::]:80;
  5.     server_name mondomaine.fr;
  6.     location ~ /\.well-known/acme-challenge {
  7.         allow all;
  8.     }
  9.     location / {
  10.         return 301 https://mondomaine.fr$request_uri;
  11.     }
  12. }
  13.  
  14. # Notre bloc serveur
  15. server {
  16.  
  17.     # spdy pour Nginx < 1.9.5
  18.     listen 443 ssl spdy;
  19.     listen [::]:443 ssl spdy;
  20.     spdy_headers_comp 9;
  21.  
  22.     # http2 pour Nginx >= 1.9.5
  23.     #listen 443 ssl http2;
  24.     #listen [::]:443 ssl http2;
  25.  
  26.     server_name mondomaine.fr;
  27.     root /var/www/mondomaine.fr;
  28.     index index.html index.htm;
  29.     error_log /var/log/nginx/mondomaine.fr.log notice;
  30.     access_log off;
  31.  
  32.     ####    Locations
  33.     # On cache les fichiers statiques
  34.     location ~* \.(html|css|js|png|jpg|jpeg|gif|ico|svg|eot|woff|ttf)$ { expires max; }
  35.     # On interdit les dotfiles
  36.     location ~ /\. { deny all; }
  37.  
  38.  
  39.     #### SSL
  40.     ssl on;
  41.     ssl_certificate /etc/letsencrypt/live/mondomaine.fr/fullchain.pem;
  42.     ssl_certificate_key /etc/letsencrypt/live/mondomaine.fr/privkey.pem;
  43.  
  44.     ssl_stapling on;
  45.     ssl_stapling_verify on;
  46.     ssl_trusted_certificate /etc/letsencrypt/live/mondomaine.fr/fullchain.pem;
  47.     # Google DNS, Open DNS, Dyn DNS
  48.     resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
  49.     resolver_timeout 3s;
  50.  
  51.  
  52.  
  53.     ####    Session Tickets
  54.     # Session Cache doit avoir la même valeur sur tous les blocs "server".
  55.     ssl_session_cache shared:SSL:100m;
  56.     ssl_session_timeout 24h;
  57.     ssl_session_tickets on;
  58.     # [ATTENTION] il faudra générer le ticket de session.
  59.     ssl_session_ticket_key /etc/nginx/ssl/ticket.key;
  60.  
  61.     # [ATTENTION] Les paramètres Diffie-Helman doivent être générés
  62.     ssl_dhparam /etc/nginx/ssl/dhparam4.pem;
  63.  
  64.  
  65.  
  66.     ####    ECDH Curve
  67.     ssl_ecdh_curve secp384r1;
  68.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  69.     ssl_prefer_server_ciphers on;
  70.     ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  71.  
  72. }