Ready to generate new certificates

nemunaire 2014-01-21 03:07:52 +01:00
commit cc588d51f9
7 changed files with 66 additions and 208 deletions


@ -2,6 +2,13 @@ server_tokens off;
client_header_buffer_size 512;
client_max_body_size 512;
server {
listen 80 default;
listen [::]:80 ipv6only=on default;
rewrite ^ https://$host$uri;
}
server {
listen 443 ssl;
listen [::]:443 ipv6only=on ssl;
@ -13,14 +20,14 @@ server {
access_log /var/log/nginx/fic.access_log;
error_log /var/log/nginx/fic.error_log;
ssl_certificate /var/www/fic2014-server/misc/server.crt;
ssl_certificate_key /var/www/fic2014-server/misc/server.key;
ssl_certificate /var/www/fic2014-server/server.crt;
ssl_certificate_key /var/www/fic2014-server/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!ADH:!AECDH:!MD5:!DSS;
ssl_client_certificate /var/www/fic2014-server/misc/pki/cacert.crt;
ssl_client_certificate /var/www/fic2014-server/cacert.crt;
ssl_verify_client optional;
ssl_crl /var/www/fic2014-server/misc/pki/crl.pem;
ssl_crl /var/www/fic2014-server/crl.pem;
add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
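Review bot: The new port-80 block redirects with `rewrite ^ https://$host$uri;`, and `$uri` is the decoded, normalised path, so percent-encoded CR/LF in a request can end up inside the Location header; `return 301 https://$host$request_uri;` keeps the raw request URI and makes the redirect permanent. Because this is the default server, `$host` is whatever the client sent, so a fixed host name in the redirect target would avoid reflecting an arbitrary Host header. In the second hunk `server.key`, `cacert.crt` and `crl.pem` now sit directly under /var/www/fic2014-server; the `root` directive is not visible here, so it is worth confirming that none of these files is inside a served directory and that the key is readable only by the account nginx starts as. The 443 server block starts and ends outside the lines shown.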