http { # SSL CONFIGURATION # Key locations ssl_certificate /etc/letsencrypt/live/your.domain.here/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/your.domain.here/privkey.pem; # Allowed protocols ssl_protocols TLSv1.2; # Allowed cyphers # ssl_ciphers EECDH+CHACHA20:EECDH+AES; # Cache settings ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # Still gotta figure out what these do # ssl_session_tickets off; # ssl_prefer_server_ciphers on; # ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1; # Auto-route all HTTP requests to HTTPS server { listen 80; listen [::]:80; server_name _; return 301 https://$host:443$request_uri; } # LOAD SITES include sites_enabled/*.conf; }