View paste THQQ

	`ssl_session_timeout 1d;`
	`ssl_session_cache shared:MozSSL:10m; # about 40000 sessions`
	`ssl_session_tickets off;`

	`# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /usr/local/etc/ssl/dhparam.pem`
	`ssl_dhparam /usr/local/etc/ssl/dhparam.pem;`

	`# intermediate configuration`
	`ssl_protocols TLSv1.2 TLSv1.3;`
	`ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;`
	`ssl_prefer_server_ciphers off;`

	`# HSTS (ngx_http_headers_module is required) (63072000 seconds)`
	`add_header Strict-Transport-Security "max-age=63072000" always;`

	`# OCSP stapling`
	`ssl_stapling on;`
	`ssl_stapling_verify on;`

Filename: snippets/ssl-params-intermediate.conf. Size: 776b. View raw, , hex, or download this file.

	`curl -I -v --tlsv1.2 --tls-max 1.2 https://cloud.mydomain.com`
	`* Host cloud.mydomain.com:443 was resolved.`
	`* IPv6: (none)`
	`* IPv4: 192.168.30.200`
	`* Trying 192.168.30.200:443...`
	`* Connected to cloud.mydomain.com (192.168.30.200) port 443`
	`* ALPN: curl offers h2,http/1.1`
	`* TLSv1.2 (OUT), TLS handshake, Client hello (1):`
	`* CAfile: /etc/ssl/certs/ca-certificates.crt`
	`* CApath: none`
	`* TLSv1.2 (IN), TLS alert, protocol version (582):`
	`* OpenSSL/3.3.1: error:0A00042E:SSL routines::tlsv1 alert protocol version`
	`* Closing connection`
	`curl: (35) OpenSSL/3.3.1: error:0A00042E:SSL routines::tlsv1 alert protocol version`

Filename: output. Size: 624b. View raw, , hex, or download this file.

	`server {`
	`listen 443 ssl http2;`

	`server_name cloud.mydomain.com;`
	`access_log /var/log/nginx/cloud.access.log;`
	`error_log /var/log/nginx/cloud.error.log;`

	`proxy_hide_header Strict-Transport-Security;`
	`include snippets/mydomain.com.cert.conf;`
	`include snippets/ssl-params-intermediate.conf;`

	`location / {`
	`include snippets/proxy-params.conf;`

	`proxy_connect_timeout 300;`
	`proxy_send_timeout 300;`
	`proxy_read_timeout 300;`
	`send_timeout 300;`
	`fastcgi_send_timeout 300;`
	`fastcgi_read_timeout 300;`

	`proxy_pass http://192.168.30.200:8085;`
	`}`

	`location /.well-known/carddav {`
	`return 301 $scheme://$host/remote.php/dav;`
	`}`
	`location /.well-known/caldav {`
	`return 301 $scheme://$host/remote.php/dav;`
	`}`
	`}`

Filename: cloud.mydomain.com.conf. Size: 973b. View raw, , hex, or download this file.

Are you sure you'd like to remove this file?