#load_module /usr/local/libexec/nginx/ngx_http_brotli_filter_module.so; load_module /usr/local/libexec/nginx/ngx_ssl_ct_module.so; load_module /usr/local/libexec/nginx/ngx_http_ssl_ct_module.so; #load_module /usr/local/libexec/nginx/ngx_http_brotli_static_module.so; #load_module /usr/local/libexec/nginx/ngx_http_fancyindex_module.so; #load_module /usr/local/libexec/nginx/ngx_http_redis_module.so; #load_module /usr/local/libexec/nginx/ngx_http_echo_module.so; #load_module /usr/local/libexec/nginx/ngx_http_headers_more_filter_module.so; #load_module /usr/local/libexec/nginx/ngx_http_set_misc_module.so; #user nobody; worker_processes 2; # This default error log path is compiled-in to make sure configuration parsing # errors are logged somewhere, especially during unattended boot when stderr # isn't normally logged anywhere. This path will be touched on every nginx # start regardless of error log location configured here. See # https://trac.nginx.org/nginx/ticket/147 for more info. # #error_log /var/log/nginx/error.log; # #pid logs/nginx.pid; events { worker_connections 8196; } http { include mime.types; default_type application/octet-stream; sendfile on; ssl_certificate /usr/local/etc/letsencrypt/live/my.domain.com/fullchain.pem; ssl_certificate_key /usr/local/etc/letsencrypt/live/my.domain.com/privkey.pem; ssl_ct on; ssl_ct_static_scts /usr/local/etc/letsencrypt/live/my.domain.com/scts; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS; ssl_dhparam /usr/local/openssl/certs/dhparams.pem; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_session_timeout 30m; keepalive_timeout 70; gzip on; include conf.d/*conf; }