Darren/dpaste
1
0
Fork 0
mirror of https://github.com/DarrenOfficial/dpaste.git synced 2024-11-15 16:12:51 +11:00
Code Issues Projects Releases Packages Wiki Activity

Updated SSL conf using letsencrypt

Browse source
This commit is contained in:
Martin Mahner 2015-12-08 15:12:55 +00:00
parent 0736f83b07
commit 240ccb1cdd
1 changed files with 27 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
server/nginx.conf
View file

@ -14,7 +14,6 @@ log_format combined_port '$remote_addr - $remote_user [$time_local] '
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
server { server {
listen 80; listen 80;
listen [::]:80;
server_name dpaste.de server_name dpaste.de
www.dpaste.de www.dpaste.de
@ -24,6 +23,11 @@ server {
location / { location / {
rewrite ^ https://$server_name$request_uri? permanent; rewrite ^ https://$server_name$request_uri? permanent;
} }
location /.well-known/acme-challenge/ {
alias /var/www/challenges/;
try_files $uri =404;
}
} }
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
@ -32,12 +36,21 @@ server {
server { server {
listen 443 ssl spdy; listen 443 ssl spdy;
listen [::]:443 ssl spdy;
server_name dpaste.org www.dpaste.org; server_name dpaste.org www.dpaste.org;
ssl_certificate /srv/dpaste.de/var/ssl/dpaste_org_unified.crt; ssl on;
ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_org.key; ssl_certificate /srv/dpaste.de/etc/ssl/dpaste_org_chained.pem;
ssl_certificate_key /srv/dpaste.de/etc/ssl/dpaste_org.key;
ssl_dhparam /etc/ssl/dhparam.pem;
# SSL modern config for modern browsers Pete told me
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=25200; add_header Strict-Transport-Security max-age=25200;
# Redirect to dpaste.de # Redirect to dpaste.de
@ -48,16 +61,20 @@ server {
server { server {
listen 443 ssl spdy; listen 443 ssl spdy;
listen [::]:443 ssl spdy;
server_name dpaste.de www.dpaste.de; server_name dpaste.de www.dpaste.de;
ssl_certificate /srv/dpaste.de/var/ssl_2015/ssl-unified.crt; ssl on;
ssl_certificate_key /srv/dpaste.de/var/ssl_2015/ssl.key; ssl_certificate /srv/dpaste.de/etc/ssl/dpaste_de_chained.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate_key /srv/dpaste.de/etc/ssl/dpaste_de.key;
ssl_ciphers AES256+EECDH:AES256+EDH; ssl_dhparam /etc/ssl/dhparam.pem;
ssl_session_cache builtin:1000 shared:SSL:5m;
# SSL modern config for modern browsers Pete told me
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=25200; add_header Strict-Transport-Security max-age=25200;