Mirror/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-07-15 20:25:17 +03:00
Code Issues Wiki Activity
aports/testing/z-push/nginx-ssl.example.conf
Noel Kuntze 4815d28f6e testing/z-push: new aport 
open-source implementation of the ActiveSync protocol
2021-08-05 18:47:18 +00:00

56 lines
2.5 KiB
Text
Raw Blame History

server {
# server_name YOUR_SERVER_FQDN; ## uncomment replace this with something like www.example.com
listen 443;
server_tokens off; ## Don't show the nginx version number, a security best practice
root /usr/share/nginx/html;
index index.html index.htm;
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
##
## Generate a strong SSL-Certificate and DHE parameter:
## openssl genrsa -out /etc/ssl/private/kopano.key 4096
## openssl req -new -sha512 -key /etc/ssl/private/kopano.key -out /tmp/kopano.csr
## openssl x509 -req -days 3650 -in /tmp/kopano.csr -signkey /etc/ssl/private/kopano.key -out /etc/ssl/private/kopano.crt
## openssl dhparam -out /etc/ssl/private/kopano.dh 4096
## chmod go-rwx /etc/ssl/private/kopano.*;
## chmod u+rw /etc/ssl/private/kopano.*
## chown root:root /etc/ssl/private/kopano.*
##
ssl on;
ssl_certificate_key /etc/ssl/private/kopano.key;
ssl_certificate /etc/ssl/private/kopano.crt;
ssl_dhparam /etc/ssl/private/kopano.dh;
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
## The recommended cipher suite for backwards compatibility (IE6/WinXP):
ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
## Replace with your ssl_trusted_certificate. For more info see:
## - https://medium.com/devops-programming/4445f4862461
## - https://www.ruby-forum.com/topic/4419319
## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
## - https://raymii.org/s/tutorials/OCSP_Stapling_on_nginx.html
## - http://freiburg79.de/ocsp-stapling-mit-nginx/
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_stapling_file /etc/ssl/private/de-autorisation-m.ocsp;
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
# resolver_timeout 5s;
# HIDDEN FILES AND FOLDERS
rewrite ^(.*)\/\.(.*)$ @404 break;
location = @404 {
return 404;
}
include ${PATH_TO_ATTACHED_LOCATION_FILE};
}
Reference in a new issue View git blame Copy permalink