-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx-443.conf
33 lines (25 loc) · 982 Bytes
/
nginx-443.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
server {
listen 80;
listen [::]:80;
root /var/www/WEB-URL;
index index.php index.html index.htm;
server_name WEB-URL;
rewrite ^(.*) https://WEB-URL$1 permanent;
}
server {
listen 443;
server_name WEB-URL;
root /var/www/WEB-URL;
index index.php index.html index.htm;
ssl on;
ssl_certificate /etc/ssl/certs/WEB-URL.crt;
ssl_certificate_key /etc/ssl/certs/WEB-URL.key;
#enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#Disables all weak ciphers
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-A$
ssl_prefer_server_ciphers on;
location / {
rewrite ^/([A-Za-z0-9\-\_]+)$ /$1.html break;
}
}