commit: b5f8273312a54ad78386e32a1c83b3f86a0f2c05
parent: 3504da5cac467e367e39e2310aaa5dba6b643f45
Author: Eugen <eugen@zeonfederated.com>
Date: Wed, 5 Apr 2017 10:26:32 +0200
Merge pull request #902 from asm/ssl_best_practices
SSL best practices for nginx
Diffstat:
1 file changed, 12 insertions(+), 0 deletions(-)
diff --git a/docs/Running-Mastodon/Production-guide.md b/docs/Running-Mastodon/Production-guide.md
@@ -12,9 +12,21 @@ map $http_upgrade $connection_upgrade {
}
server {
+ listen 80;
+ listen [::]:80;
+ server_name example.com;
+ return 301 https://$host$request_uri;
+}
+
+server {
listen 443 ssl;
server_name example.com;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:10m;
+
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
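Review bot: The new port-80 block listens on IPv6 (`listen [::]:80;`) while the 443 block shown here only has `listen 443 ssl;`, so a client arriving over IPv6 is redirected to an HTTPS endpoint that may not be listening on that address family; adding `listen [::]:443 ssl;` beside it keeps the two blocks consistent. The redirect target is built from `$host`, which is taken from the request, so if this block ends up as the default server for port 80 the Location header reflects whatever Host was sent; `return 301 https://$server_name$request_uri;` pins it to the configured name, which is the safer form for a guide people copy verbatim. The cipher string admits EDH suites, whose strength depends on an `ssl_dhparam` file with a sufficiently large group being configured. That directive, and any `Strict-Transport-Security` header, would sit in the part of the 443 server block that continues outside this hunk, so confirm both there.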