path: root/deploy/conf/common-ssl.conf
# Do not emit the nginx version in the Server response header or on error pages.
server_tokens off;

# Certificate material; the paths sit under an .acme.sh directory.
# fullchain.cer is what nginx presents to clients. The private key should be
# readable only by the account that nginx loads it as.
ssl_certificate /srv/plural.cafe/.acme.sh/plural.cafe/fullchain.cer;
ssl_certificate_key /srv/plural.cafe/.acme.sh/plural.cafe/plural.cafe.key;
# Trust store used when verifying stapled OCSP responses (ssl_stapling_verify).
# NOTE(review): nginx documents that the issuer, intermediate and root
# certificates belong here; plural.cafe.cer looks like the leaf certificate in
# acme.sh's layout — confirm this file actually holds the CA chain.
ssl_trusted_certificate /srv/plural.cafe/.acme.sh/plural.cafe/plural.cafe.cer;

# Only TLS 1.2 and TLS 1.3 are offered; older protocol versions are refused.
ssl_protocols TLSv1.2 TLSv1.3;
# OpenSSL cipher string for TLS 1.2; nginx does not apply it to TLS 1.3 suites.
# !SHA drops suites with a SHA-1 MAC, !aNULL the unauthenticated ones.
# NOTE(review): HIGH may still admit CBC-mode and static-RSA key-exchange
# suites depending on the OpenSSL build — check the expanded list with
# `openssl ciphers -v` against this string.
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
# Key-exchange groups, listed in order of preference.
ssl_ecdh_curve X25519:secp384r1:prime256v1;
# The server's cipher order wins over the client's.
ssl_prefer_server_ciphers on;
# Server-side session cache named "TLS", 2 MB, shared between worker processes.
ssl_session_cache shared:TLS:2m;
ssl_session_timeout 10m;
# Session tickets are off, so resumption relies on the server-side cache
# rather than on a ticket key that would have to be rotated.
ssl_session_tickets off;
# Staple OCSP responses into the handshake and verify them before use. nginx
# resolves the OCSP responder's hostname through the `resolver` directive.
ssl_stapling on;
ssl_stapling_verify on;

# Idle keep-alive client connections are closed after 70 seconds.
keepalive_timeout 70;
# Serve static files with sendfile().
sendfile on;
# 0 disables nginx's check of the request body size entirely.
# NOTE(review): with no limit here, oversized request bodies are bounded only
# by whatever the upstream application enforces — confirm a limit exists there.
client_max_body_size 0;

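# Security response headers.
# `always` makes nginx attach them to every response code; without it they are
# left off error responses (4xx/5xx), so an error page would go out without
# HSTS or framing protection.
# add_header is inherited from this level only by blocks that define no
# add_header of their own: a server or location block that adds any header
# must repeat these (or include this file again).

# Forbid rendering the site inside frames (clickjacking defence).
add_header X-Frame-Options DENY always;
# Stop browsers from MIME-sniffing responses away from the declared type.
add_header X-Content-Type-Options nosniff always;
# NOTE(review): legacy header; current browsers have removed the XSS auditor
# it controlled. It is not a substitute for a Content-Security-Policy, which
# this file does not set.
add_header X-XSS-Protection "1; mode=block" always;
# Send the Referer header only on same-origin requests.
add_header Referrer-Policy "same-origin" always;
# HSTS for two years (63072000 s), covering all subdomains, with the preload
# flag. Every subdomain must serve valid HTTPS, and removal from browser
# preload lists is slow, so treat this as a long-term commitment.
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;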

# DNS servers nginx uses for run-time lookups such as the OCSP responder.
# valid=300s caches answers for 300 seconds instead of honouring their TTL.
# NOTE(review): these are public resolvers queried over plain DNS; the nginx
# documentation recommends resolvers on a secured, trusted local network to
# limit DNS spoofing.
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;
# Give up on a lookup after 5 seconds.
resolver_timeout 5s;