Inital commit

2023-03-09 22:32:16 +13:00
commit eeb2e0663d
6 changed files with 157 additions and 0 deletions
--- a/conf/example.com.conf.sample
+++ b/conf/example.com.conf.sample
@@ -0,0 +1,46 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name example.com;
+    server_tokens off;
+
+    location / {
+        return 301 https://example.com$request_uri;
+    }
+}
+
+server {   
+    
+     
+    ### SSL LetsEncrypt
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name example.com;
+    resolver 127.0.0.11 valid=30s ipv6=off;
+
+    location / {
+        set $backend http://example:80;
+        proxy_pass $backend;
+    }
+    
+    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+
+    ### Create the dhparam file: 
+    ### openssl  dhparam  -out  ssl-dhparams.pem  2048
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:1m;  # about 4000 sessions
+    ssl_session_tickets off;
+
+    # intermediate configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+}