listen 0.0.0.0:%HTTPS_PORT% default_server ssl %HTTP2%;
ssl_certificate /etc/nginx/default-cert.pem;
ssl_certificate_key /etc/nginx/default-key.pem;
ssl_protocols %HTTPS_PROTOCOLS%;
ssl_prefer_server_ciphers off;
ssl_session_tickets off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
%SSL_DHPARAM%
%SSL_CIPHERS%