From 354261058acef6a5929337465ff8466a9f046d40 Mon Sep 17 00:00:00 2001 From: creme Date: Sat, 8 Aug 2020 22:31:27 +0000 Subject: [PATCH] update etc/nginx/user-sites-available/antonmcclure.com.conf --- .../antonmcclure.com.conf | 27 +++++++++---------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/etc/nginx/user-sites-available/antonmcclure.com.conf b/etc/nginx/user-sites-available/antonmcclure.com.conf index 5a5c83a..423f83c 100644 --- a/etc/nginx/user-sites-available/antonmcclure.com.conf +++ b/etc/nginx/user-sites-available/antonmcclure.com.conf @@ -20,23 +20,22 @@ server { # include snippets/ddos_mid.conf; server_name antonmcclure.com www.antonmcclure.com; - #include snippets/ssl.conf - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:HIGH:!aNULL:!MD5'; - ssl_prefer_server_ciphers on; - ssl_session_cache shared:SSL:10m; - ssl_verify_depth 3; + include snippets/ssl.conf; - ssl_session_tickets off; -# ssl_stapling on; -# ssl_stapling_verify on; - - ssl_certificate /home/anton/configs/fullchain.pem; - ssl_certificate_key /home/anton/configs/privkey.pem; - #ssl_trusted_certificate /home/anton/configs/chain.pem; + ssl_certificate /etc/letsencrypt/live/antonmcclure.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/antonmcclure.com/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/antonmcclure.com/chain.pem; ssl_dhparam /etc/ssl/certs/envs_dhparam.pem; - include snippets/local_ssl_header.conf; + + server_tokens off; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + add_header X-Content-Type-Options nosniff; + add_header 'Referrer-Policy' 'origin, no-referrer-when-downgrade'; + add_header X-Frame-Options SAMEORIGIN; + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + error_log /var/log/nginx/antonmcclure.com-error.log crit;