19 lines
846 B
Plaintext
19 lines
846 B
Plaintext
listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %};
|
|
ssl_certificate {{ HTTPS_CERT }};
|
|
ssl_certificate_key {{ HTTPS_KEY }};
|
|
ssl_protocols {{ HTTPS_PROTOCOLS }};
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_session_tickets off;
|
|
ssl_session_timeout 1d;
|
|
ssl_session_cache shared:MozSSL:10m;
|
|
{% if STRICT_TRANSPORT_SECURITY != "" %}
|
|
more_set_headers 'Strict-Transport-Security: {{ STRICT_TRANSPORT_SECURITY }}';
|
|
{% endif %}
|
|
{% if "TLSv1.2" in HTTPS_PROTOCOLS %}
|
|
ssl_dhparam /etc/nginx/dhparam;
|
|
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
{% endif %}
|
|
{% if AUTO_LETS_ENCRYPT %}
|
|
include {{ NGINX_PREFIX }}lets-encrypt-webroot.conf;
|
|
{% endif %}
|