26 lines
745 B
HTML
26 lines
745 B
HTML
ssl_session_timeout 1d;
|
||
ssl_session_cache shared:SSL:50m;
|
||
ssl_session_tickets off;<!--
|
||
|
||
✘ SSLProfileModern --><span ng-if="!isSSLProfileModern()">
|
||
|
||
# Diffie-Hellman parameter for DHE ciphersuites
|
||
ssl_dhparam /etc/nginx/dhparam.pem;</span>
|
||
|
||
# {{ data.ssl_profile }} configuration
|
||
ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols }};
|
||
ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers }};
|
||
ssl_prefer_server_ciphers on;<!--
|
||
|
||
✔ HSTS--><span ng-if="isHSTS()">
|
||
|
||
# HSTS (1 year, preload)
|
||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;</span>
|
||
|
||
# OCSP Stapling
|
||
ssl_stapling on;
|
||
ssl_stapling_verify on;
|
||
|
||
resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
|
||
resolver_timeout 2s;
|