__ungleich_nextcloud/files/nginx-header-https-letsencrypt

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate         /etc/nginx/ssl.crt;
    ssl_certificate_key     /etc/nginx/ssl.key;
    ssl_dhparam             /etc/nginx/dhparam.pem;

    # OCSP 
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/chain.pem;

    # Chipers    
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL; 
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve secp384r1;
    
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    
    # Session resumption
    ssl_session_timeout 10m;
    ssl_session_cache off;
    ssl_session_tickets on;
    ssl_session_ticket_key /etc/nginx/nginx-ticketkey;
- improve cdist type - support for basic Nginx config under Centos and Debian - improve security feature under Nginx - support for Let's Encrypt - support for SSL 2017-07-12 21:25:32 +00:00			`server {`
			`listen 443 ssl;`
			`listen [::]:443 ssl;`
			`ssl_certificate /etc/nginx/ssl.crt;`
			`ssl_certificate_key /etc/nginx/ssl.key;`
			`ssl_dhparam /etc/nginx/dhparam.pem;`

			`# OCSP`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`
			`ssl_trusted_certificate /etc/nginx/chain.pem;`

			`# Chipers`
			`ssl_protocols TLSv1.2 TLSv1.1 TLSv1;`
			`ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;`
			`ssl_prefer_server_ciphers on;`
			`ssl_ecdh_curve secp384r1;`

			`add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";`

			`# Session resumption`
			`ssl_session_timeout 10m;`
			`ssl_session_cache off;`
			`ssl_session_tickets on;`
			`ssl_session_ticket_key /etc/nginx/nginx-ticketkey;`