31 lines
695 B
Plaintext
31 lines
695 B
Plaintext
http {
|
|
# COMMON SSL CONFIGURATION
|
|
# Allowed protocols
|
|
ssl_protocols TLSv1.2;
|
|
|
|
# Allowed cyphers
|
|
# ssl_ciphers EECDH+CHACHA20:EECDH+AES;
|
|
|
|
# Cache settings
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 10m;
|
|
|
|
# Still gotta figure out what these do
|
|
ssl_session_tickets off;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
|
|
|
|
|
|
# Auto-route all HTTP requests to HTTPS
|
|
server {
|
|
listen ${HTTP_PORT};
|
|
listen [::]:${HTTP_PORT};
|
|
server_name _;
|
|
|
|
return 301 https://$host:${HTTPS_PORT}$request_uri;
|
|
}
|
|
|
|
# LOAD SITES
|
|
include sites-enabled/*.conf;
|
|
}
|