/nginx-ssl-conf

No description, website, or topics provided.
Switch branches/tags
Nothing to show
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
README.md
site-ssl.conf

README.md

Nginx SSL/TLS Configuration

This is mostly here just so that I don't have to go hunt down the recommended Nginx configuration whenever I set up a new server. It can be cloned into the /etc/nginx/ directory.

The file site-ssl.conf is intended to be included in the configuration wherever a server that uses SSL is defined, such as in /etc/nginx/sites-available/example.com:

server {
    ...
    include /etc/nginx/nginx-ssl-conf/site-ssl.conf;
    ...
}

An example is present in the file itself. The paths are set up as if the certificates and keys are produced by Letsencrypt, but they can be modified for different paths.

Disclaimer

I am not a security professional, so do not use this configuration in production. There may be errors in the configuration that at best prevent Nginx from starting and at worst create a vulnerability in your server.

Sources

The following pages were borrowed from:

https://scotthelme.co.uk/hpkp-http-public-key-pinning/

https://gist.github.com/plentz/6737338