Nginx configs
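###### gzip.conf -- response compression ######################################
# NOTE(review): when these responses are served over TLS, compressing a body
# that carries a secret (CSRF token, session data) next to request-controlled
# content leaks information through the compressed length (BREACH). Consider
# `gzip off;` in the locations that return such responses.

gzip              on;
gzip_disable      "msie6";
gzip_vary         on;    # emit "Vary: Accept-Encoding" so caches key on the encoding
gzip_proxied      any;   # also compress responses to requests that arrived through a proxy
gzip_comp_level   6;
gzip_buffers      16 8k;
gzip_http_version 1.1;
gzip_min_length   256;   # skip bodies whose Content-Length is below 256 bytes

# text/html is always compressed by nginx and does not need to be listed.
# application/rss+xml is the type nginx's stock mime.types assigns to .rss;
# the original list only had the transposed application/xml+rss, which is kept
# in case an upstream sends it.
gzip_types
    text/plain
    text/css
    application/json
    text/json
    application/javascript
    application/x-javascript
    text/xml
    application/xml
    application/xml+rss
    application/rss+xml
    text/javascript
    application/vnd.ms-fontobject
    application/x-font-ttf
    font/opentype
    image/svg+xml
    image/x-icon;
###############################################################################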
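###### ssl.conf -- TLS settings ###############################################
# Generate the DH parameters once, before first use:
#   openssl dhparam -out /*path*/dhparam.pem 4096
# Every /*path*/ below is a placeholder; replace it with a real directory.

ssl_dhparam /*path*/dhparam.pem;   # parameters for the EDH suites in ssl_ciphers

ssl_session_cache   shared:SSL:20m;
ssl_session_timeout 10m;
# NOTE(review): ssl_session_tickets is not set, so the nginx default (on)
# applies. Set `ssl_session_tickets off;` if ticket keys are not rotated,
# because a long-lived ticket key weakens forward secrecy.

# OCSP stapling. ssl_trusted_certificate supplies the CA certificates nginx
# uses to verify the OCSP response when ssl_stapling_verify is on.
ssl_stapling            on;
ssl_stapling_verify     on;
ssl_trusted_certificate /*path*/cert.bundle;

# The resolver is used to look up the OCSP responder's host name.
# NOTE(review): the original note asks for a trusted local DNS, yet these are
# public resolvers. nginx does not authenticate DNS answers, so prefer a
# resolver on a trusted local network where one is available.
resolver         8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;

# TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from this list.
# Append TLSv1.3 when nginx >= 1.13.0 is built against OpenSSL >= 1.1.1.
ssl_protocols             TLSv1.2;
ssl_prefer_server_ciphers on;

# Forward-secret (EECDH/EDH) suites only; IE 6 and Windows XP cannot connect.
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

# Legacy list for IE 6 / Windows XP, kept for reference only. It admits 3DES
# (DES-CBC3-SHA) and RSA key-exchange suites without forward secrecy, and those
# clients cannot negotiate TLS 1.2, so it has no effect unless TLSv1 is
# re-enabled above. Do not enable it without a documented need.
#ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

# Response headers. `always` adds the header to error responses as well; the
# original set it on HSTS only, so X-Frame-Options was missing from 4xx/5xx.
# add_header is inherited from the enclosing level only when the current level
# defines no add_header of its own: a server/location block that adds any
# header must repeat these two.
# includeSubDomains extends HSTS to every subdomain; confirm that all of them
# serve HTTPS before deploying.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN always;
###############################################################################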