about summary refs log tree commit diff
path: root/docs/Running-Mastodon
diff options
context:
space:
mode:
authorEugen <eugen@zeonfederated.com>2017-04-05 10:26:32 +0200
committerGitHub <noreply@github.com>2017-04-05 10:26:32 +0200
commitb5f8273312a54ad78386e32a1c83b3f86a0f2c05 (patch)
tree2d512bdcb55160e10263f73833209b32973273d1 /docs/Running-Mastodon
parent3504da5cac467e367e39e2310aaa5dba6b643f45 (diff)
parentfa7b74cf51e2b5c7c60aaf3ec529ba2292450d7b (diff)
Merge pull request #902 from asm/ssl_best_practices
SSL best practices for nginx
Diffstat (limited to 'docs/Running-Mastodon')
-rw-r--r--docs/Running-Mastodon/Production-guide.md12
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/Running-Mastodon/Production-guide.md b/docs/Running-Mastodon/Production-guide.md
index b1f7bd35b..d539ddf64 100644
--- a/docs/Running-Mastodon/Production-guide.md
+++ b/docs/Running-Mastodon/Production-guide.md
@@ -12,9 +12,21 @@ map $http_upgrade $connection_upgrade {
 }
 
 server {
+  listen 80;
+  listen [::]:80;
+  server_name example.com;
+  return 301 https://$host$request_uri;
+}
+
+server {
   listen 443 ssl;
   server_name example.com;
 
+  ssl_protocols TLSv1.2;
+  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+  ssl_prefer_server_ciphers on;
+  ssl_session_cache shared:SSL:10m;
+
   ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;