Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ssl_certificate /etc/letsencrypt/live/thijs365.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/thijs365.com/privkey.pem;
- keepalive_timeout 70;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
- #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_dhparam /etc/nginx/certs/dhparam.pem;
- ssl_ecdh_curve secp384r1;
- ssl_session_cache shared:SSL:10m;
- ssl_session_tickets off;
- ssl_session_timeout 10m;
- ssl_stapling on;
- ssl_stapling_verify on;
- resolver 1.1.1.1 1.0.0.1 valid=300s;
- resolver_timeout 5s;
- #Security headers
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- #add_header Content-Security-Policy "default-src 'self' *.thijs365.com:443/* fonts.googleapis.com *.gstatic.com script-src data:self;";
- add_header X-Xss-Protection "1; mode=block" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header Referrer-Policy no-referrer;
- add_header X-Frame-Options "ALLOW-FROM https://thijs365.com/" always;
- #add_header X-Frame-Options "SAMEORIGIN" always;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement