http {
    # SSL CONFIGURATION
    # These directives sit at http{} level, so every server block in this
    # http context (including those pulled in by the include at the bottom)
    # inherits them unless it overrides them itself.
    # NOTE(review): the ${MAIN_DOMAIN}, ${HTTP_PORT} and ${HTTPS_PORT}
    # placeholders are presumably filled in by a templating step before nginx
    # reads this file; confirm that step leaves the nginx runtime variables
    # $host and $request_uri untouched.

    # Key locations
    # Certificate chain and private key, read from the Let's Encrypt live
    # directory for the main domain.
    ssl_certificate /etc/letsencrypt/live/${MAIN_DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${MAIN_DOMAIN}/privkey.pem;

    # Allowed protocols
    # Only TLS 1.2 is offered: older protocol versions are refused, and TLS 1.3
    # is not enabled either.
    # NOTE(review): consider adding TLSv1.3 once the deployed nginx/OpenSSL
    # build is confirmed to support it.
    ssl_protocols TLSv1.2;

    # Allowed ciphers
    # The explicit cipher list is commented out, so nginx's built-in default
    # cipher string is in effect.
    # NOTE(review): decide whether to pin the list below or document that the
    # default is intentional.
    # ssl_ciphers EECDH+CHACHA20:EECDH+AES;

    # Cache settings
    # Session cache shared between all worker processes (zone "SSL", 10 MB).
    # Cached session parameters may be reused by a client for 10 minutes.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Session resumption and key-exchange preferences
    # Tickets off: resumption goes through the server-side cache above rather
    # than through client-held tickets encrypted under a long-lived ticket key,
    # which would otherwise need rotating to preserve forward secrecy.
    ssl_session_tickets off;
    # The server's cipher preference order wins over the client's.
    ssl_prefer_server_ciphers on;
    # Curves offered for ECDHE key exchange, in order of preference.
    ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;

    # Auto-route all HTTP requests to HTTPS
    server {
        listen ${HTTP_PORT};
        listen [::]:${HTTP_PORT};
        # "_" is a placeholder name, not a wildcard. This block receives a
        # request only when no other server block on the port matches its Host
        # and this block is the default server for that port.
        # NOTE(review): there is no default_server flag here; confirm nothing
        # defined earlier listens on the same port.
        server_name _;
        # Permanent redirect to the same host and URI on the HTTPS port.
        # $host is taken from the client's request, so the Location header
        # reflects whatever hostname the client sent.
        # NOTE(review): if the set of served hostnames is fixed, redirecting to
        # a configured name avoids echoing arbitrary Host values.
        return 301 https://$host:${HTTPS_PORT}$request_uri;
    }

    # LOAD SITES
    # Per-site server blocks; the path is relative, so nginx resolves it
    # against its configuration prefix.
    include sites-enabled/*.conf;
}