@@ -0,0 +1,37 @@
+
+#server {
+# listen 443;
+# server_name _;
+
+# ssl on;
+# ssl_certificate cert.pem;
+# ssl_certificate_key cert.key;
+
+# Don't use outdated SSLv3 protocol. Protects against BEAST and POODLE attacks.
+# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+# Use secure ciphers - courtesy Cloudflare
+# ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
+# ssl_prefer_server_ciphers on;
+
+# ssl_session_cache shared:SSL:20m;
+# ssl_session_tickets on;
+# ssl_session_timeout 30m;
+
+# HSTS - Use HTTPS exclusively , uncomment one.
+# add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";
+
+# create new one with: openssl dhparam -out dhparams.pem 2048
+# ssl_dhparam /etc/nginx/ssl/dhparams_2048.pem;
+
+# ssl_buffer_size 4k;
+
+# if you want extra security at the cost of considerable pressure on processor ..
+# ssl_ecdh_curve secp384r1;
+
+# location / {
+# root html;
+# index index.html index.htm;
+# }
+#}
+
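Review bot: The `ssl_protocols` line still enables TLSv1 and TLSv1.1, so the comment above it overstates the protection: dropping SSLv3 addresses POODLE, but BEAST targets CBC suites in TLS 1.0, which this template keeps on. I would change it to `# ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 only where the nginx/OpenSSL build supports it) and reword the comment to match. The cipher string also ends with `EECDH+3DES:RSA+3DES`, which leaves 64-bit-block 3DES negotiable (SWEET32), and the `RSA+AES128`/`RSA+AES256` entries give no forward secrecy; at minimum the 3DES entries should be dropped, since people tend to uncomment templates like this verbatim. Separately, `ssl on;` is deprecated in favour of `listen 443 ssl;`, and the `openssl dhparam` hint writes `dhparams.pem` while `ssl_dhparam` points at `dhparams_2048.pem`, so the two should name the same file.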
|