nginx-sample-configs [2023/03/20 17:38] rklein created |
nginx-sample-configs [2024/03/11 16:37] (current) rklein |
||
|---|---|---|---|
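--- a/nginx-sample-configs
+++ b/nginx-sample-configs
@@ -21,1 +21,36 @@
 </
+file kc-certs.conf
+<
+ssl_certificate /
+ssl_certificate_key /
+</
+file kc-ssl-params.conf
+<
+# should be also TLSv1.3 if possible
+ssl_protocols TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_dhparam /
+ssl_ciphers EECDH+AESGCM:
+ssl_ecdh_curve secp384r1;
+ssl_session_timeout
+ssl_session_cache shared:
+ssl_session_tickets off;
+ssl_stapling off;
+ssl_stapling_verify off;
+# replace follwing with local dns
+resolver 8.8.8.8 valid=300s;
+resolver_timeout 5s;
+# Disable strict transport security for now. You can uncomment the following
+# line if you understand the implications.
+#add_header Strict-Transport-Security "
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+
+</
+
+----
+
+ansible role for adding client certs to firefox/
+
+https://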
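Review bot: The three `add_header` lines at the end of kc-ssl-params.conf are emitted only on nginx's success and redirect status codes, and are dropped in any nested block that declares its own `add_header`, so error responses and such locations can go out without `X-Frame-Options` and `X-Content-Type-Options`; append `always`, e.g. `add_header X-Frame-Options DENY always;`, and re-include the file wherever a nested block adds headers. `X-XSS-Protection "1; mode=block"` targets a browser filter that current browsers have removed, so a `Content-Security-Policy` is the maintained control. The comment above `ssl_protocols TLSv1.2;` already says TLSv1.3 should be enabled; where the nginx/OpenSSL build supports it, that is `ssl_protocols TLSv1.2 TLSv1.3;`. Several values in this rendering are truncated (certificate paths, cipher list, session settings), so they are not reviewed here.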