[Nginx] Fix SSL temp.

master
andryyy 2017-09-11 17:37:25 +02:00
parent 013163bac9
commit 92e6c9daae
1 changed files with 11 additions and 8 deletions

View File

@ -1,4 +1,5 @@
server_tokens off; server_tokens off;
# includes to http { # includes to http {
proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h max_size=1g; proxy_cache_path /tmp levels=1:2 keys_zone=sogo:10m inactive=24h max_size=1g;
server_names_hash_bucket_size 64; server_names_hash_bucket_size 64;
@ -21,15 +22,17 @@ server {
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'; ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
ssl_session_cache shared:SSL:50m; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
ssl_session_timeout 1d;
ssl_session_tickets off;
add_header X-Frame-Options SAMEORIGIN; #ssl_session_cache shared:SSL:50m;
add_header X-Content-Type-Options nosniff; #ssl_session_timeout 1d;
add_header X-XSS-Protection "1; mode=block"; #ssl_session_tickets off;
add_header Referrer-Policy: no-referrer-when-downgrade;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; #add_header X-Frame-Options SAMEORIGIN;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";
#add_header Referrer-Policy: no-referrer-when-downgrade;
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
ssl_ecdh_curve secp384r1; ssl_ecdh_curve secp384r1;
index index.php index.html; index index.php index.html;