Modify sample nginx config to include TLSv1.3 (#52)

- Modify sample nginx config to include TLSv1.3: Config adapted from https://ssl-config.mozilla.org/
- clean up & copy to japanese version

Co-authored-by: Johann150 <johann.galle@protonmail.com>

src/docs/admin/nginx.md

@@ -31,7 +31,10 @@ server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
     server_name example.tld;
+
+    ssl_session_timeout 1d;
     ssl_session_cache shared:ssl_session_cache:10m;
+    ssl_session_tickets off;
 
     # To use Let's Encrypt certificate
     ssl_certificate     /etc/letsencrypt/live/example.tld/fullchain.pem;
@@ -42,9 +45,11 @@ server {
     #ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
 
     # SSL protocol settings
-    ssl_protocols TLSv1.2;
-    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA;
-    ssl_prefer_server_ciphers on;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     # Change to your upload limit
     client_max_body_size 80m;

src/en/docs/admin/nginx.md

@@ -31,7 +31,10 @@ server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
     server_name example.tld;
+
+    ssl_session_timeout 1d;
     ssl_session_cache shared:ssl_session_cache:10m;
+    ssl_session_tickets off;
 
     # To use Let's Encrypt certificate
     ssl_certificate     /etc/letsencrypt/live/example.tld/fullchain.pem;
@@ -42,9 +45,11 @@ server {
     #ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
 
     # SSL protocol settings
-    ssl_protocols TLSv1.2;
-    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA;
-    ssl_prefer_server_ciphers on;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
 
     # Change to your upload limit
     client_max_body_size 80m;