Changeset 711


Timestamp:
Apr 14, 2015, 9:06:19 AM (5 years ago)
Author:
lucas
Message:

nginx.conf: SSL defaults based on https://mozilla.github.io/server-side-tls/ssl-config-generator/

File:
1 edited

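--- a/ror-farm/nginx/nginx.conf
+++ b/ror-farm/nginx/nginx.conf
@@ -31,4 +31,8 @@
     gzip_disable "MSIE [1-6]\.(?!.*SV1)";
 
+    gzip_proxied any;
+    gzip_vary on;
+    gzip_types text/plain text/html text/css text/javascript application/x-javascript text/xml application/xml application/xml+rss;
+
     include /etc/nginx/conf.d/*.conf;
     include /etc/nginx/sites-enabled/*;
@@ -49,24 +53,8 @@
     proxy_buffers           32 4k;
 
+    ssl_session_timeout 5m;
+    ssl_session_cache shared:SSL:50m;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+    ssl_prefer_server_ciphers on;
 }
-
-# mail {
-#     # See sample authentication script at:
-#     # http://wiki.nginx.org/NginxImapAuthenticateWithApachePhpScript
-#
-#     # auth_http localhost/auth.php;
-#     # pop3_capabilities "TOP" "USER";
-#     # imap_capabilities "IMAP4rev1" "UIDPLUS";
-#
-#     server {
-#         listen     localhost:110;
-#         protocol   pop3;
-#         proxy      on;
-#     }
-#
-#     server {
-#         listen     localhost:143;
-#         protocol   imap;
-#         proxy      on;
-#     }
-# }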
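Review bot: The cipher list on new line 58 enables DHE key exchange (`DHE-RSA-AES128-GCM-SHA256`, `kEDH+AESGCM` and others), but the added block sets no `ssl_dhparam`, so the server presumably falls back to nginx's built-in Diffie-Hellman group, which in releases of this period is a shared 1024-bit group and weaker than the rest of the configuration. Unless the directive is set elsewhere (the `http` block opens above this hunk and the included `conf.d` and `sites-enabled` files are not visible), add `ssl_dhparam <path-to-dhparam.pem>;` pointing at a locally generated group of at least 2048 bits. Line 57 also keeps `TLSv1` and `TLSv1.1`, and the list still admits `DES-CBC3-SHA`. A short comment such as `# TLSv1/1.1 and 3DES kept for legacy clients; revisit when they are gone` would record why they are there and make later removal easier.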