author | Starfall <us@starfall.systems> | 2023-01-17 13:59:40 -0600 |
---|---|---|
committer | Starfall <us@starfall.systems> | 2023-01-17 14:26:55 -0600 |
commit | 7515716e7f3950a3a6de04aac1b88215aa40795e (patch) | |
tree | 9a67642bfde79cfef092de8b87a3c80bd2ccad43 /deploy/conf/common-ssl.conf | |
parent | 0d0c26b589a0fedb4cf336683da4c0272a4391d1 (diff) |
update almost everything except the setup script
Diffstat (limited to 'deploy/conf/common-ssl.conf')
-rw-r--r-- | deploy/conf/common-ssl.conf | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/deploy/conf/common-ssl.conf b/deploy/conf/common-ssl.conf
new file mode 100644
index 0000000..e30b7b8
--- /dev/null
+++ b/deploy/conf/common-ssl.conf
@@ -0,0 +1,28 @@
+server_tokens off;
+
+ssl_certificate /srv/plural.cafe/.acme.sh/plural.cafe/fullchain.cer;
+ssl_certificate_key /srv/plural.cafe/.acme.sh/plural.cafe/plural.cafe.key;
+ssl_trusted_certificate /srv/plural.cafe/.acme.sh/plural.cafe/plural.cafe.cer;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+ssl_ecdh_curve X25519:secp384r1:prime256v1;
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:TLS:2m;
+ssl_session_timeout 10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+
+keepalive_timeout 70;
+sendfile on;
+client_max_body_size 0;
+
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header Referrer-Policy "same-origin";
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+
+resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;
+resolver_timeout 5s; |
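Review bot: `client_max_body_size 0;` switches off nginx's request-body size check, and because this is a shared include the limit disappears in every context that includes it, leaving size enforcement to whatever handles the request afterwards; a finite default here (for example `client_max_body_size 100m;`, value constructed) with larger overrides only on the upload locations would bound temp-file and disk use. The five `add_header` lines carry no `always` parameter, so nginx omits them on most 4xx/5xx responses, and they are not inherited by any `server` or `location` block that declares its own `add_header`; for HSTS that would read `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;`, with a comment noting the inheritance rule. `ssl_trusted_certificate` appears to point at the site's own certificate (`plural.cafe.cer`), whereas `ssl_stapling_verify on` needs the issuer chain there, so it is worth confirming what that file contains.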