Merge pull request #25 from Osedea/nginx-ssl-cyphers

Added nginx ssl cyphers
Osedea · Sep 29, 2016 · 45b809c · 45b809c
2 parents 14c25ec + 22068ad
commit 45b809c
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -1,11 +1,10 @@
 user www-data;
-worker_processes 4;
+worker_processes auto;
 pid /run/nginx.pid;
 daemon off;
 
 events {
   worker_connections  2048;
-  multi_accept on;
   use epoll;
 }
 
@@ -17,13 +16,18 @@ http {
   keepalive_timeout 15;
   types_hash_max_size 2048;
   client_max_body_size 20M;
-  include /etc/nginx/mime.types;
-  default_type application/octet-stream;
-  access_log /var/log/nginx/access.log;
-  error_log /var/log/nginx/error.log;
+  open_file_cache max=100;
   gzip on;
   gzip_disable "msie6";
+
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
   include /etc/nginx/conf.d/*.conf;
   include /etc/nginx/sites-available/*;
-  open_file_cache max=100;
+  access_log /var/log/nginx/access.log;
+  error_log /var/log/nginx/error.log;
 }