14 lines
478 B
Text
14 lines
478 B
Text
listen 443 ssl http2;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/{{ server_nginx_certname }}/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ server_nginx_certname }}/privkey.pem;
|
|
|
|
# Allow TLS version 1.2 only, which is a recommended default these days
|
|
# by international information security standards.
|
|
ssl_protocols TLSv1.2;
|
|
|
|
ssl_session_cache shared:SSL:1m;
|
|
ssl_session_timeout 5m;
|
|
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|