docker-nginx-ssl-secure/ssl.conf at master · MarvAmBass/docker-nginx-ssl-secure · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# Getting a high secure SSL configured system

# Tutorials used:
# https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/
# http://www.howtoforge.com/ssl-perfect-forward-secrecy-in-nginx-webserver

# enable dh
ssl_dhparam /etc/nginx/external/dh.pem;

# protocols
ssl_protocols TLSv1.2 TLSv1.3;

add_header Strict-Transport-Security "max-age=63072000" always;

# ciphers
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;

# SSL stapling
ssl_stapling on;
ssl_stapling_verify on;