/ Register

Want more timely Centmin Mod News Updates?
Become a Member

Master Branch add /usr/local/nginx/conf/ss-include.conf template

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jun 25, 2015.

Tags:
Previous Thread Next Thread
Loading...
  1. Jun 25, 2015 #1
    eva2000

    eva2000 Administrator Staff Member

    55,237
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,833
    Local Time:
    7:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  2. Jun 26, 2015 #2
    rdan

    rdan Well-Known Member

    5,450
    1,410
    113
    May 25, 2014
    Ratings:
    +2,204
    Local Time:
    5:09 PM
    Mainline
    10.2
    I'm doing something like this long time ago :D
    Easier to mange vhost file :)
     
  3. Jun 26, 2015 #3
    eva2000

    eva2000 Administrator Staff Member

    55,237
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,833
    Local Time:
    7:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yes less confusing for some folks to have them separate for http and https and have include file for commonly required set values across multiple https/SSL sites :)
     
  4. Jun 26, 2015 #4
    rdan

    rdan Well-Known Member

    5,450
    1,410
    113
    May 25, 2014
    Ratings:
    +2,204
    Local Time:
    5:09 PM
    Mainline
    10.2
    You may include:
    Code:
    keepalive_timeout 300;
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains;";
add_header X-Content-Type-Options "nosniff";
add_header Alternate-Protocol 443:npn-spdy/3;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 24h;
spdy_headers_comp 6;
spdy_keepalive_timeout 300;
ssl_buffer_size 1400;
ssl_session_tickets on;
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 10s;
ssl_stapling on;
ssl_stapling_verify on;
     
  5. Jun 26, 2015 #5
    eva2000

    eva2000 Administrator Staff Member

    55,237
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,833
    Local Time:
    7:09 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    some can't be included like HSTS if you want separate access to http and https for self-signed certificates etc but others can be added

    and some need to be added and auto generated with the nginx vhost creation routine so go into the vhost .conf file itself
     
    Last edited: Jun 26, 2015
Previous Thread Next Thread
Loading...

.