Bonjour,
Voici une configuration A+ en SSL pour nginx by @hmichael
server {
    # Plain-HTTP listener (IPv4 and IPv6): serves no content, it only sends
    # clients to the HTTPS virtual host.
    server_name www.tonsite.com;
    listen [::]:80;
    listen 80;

    # 301 Moved Permanently to the HTTPS origin, keeping the original path and
    # query string. The target is built from $server_name (the name configured
    # above), not from the client-supplied Host header, so a request cannot
    # steer where the redirect points.
    return 301 https://$server_name:443$request_uri;
}
# HTTPS
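server {
    # TLS is switched on per socket by the "ssl" parameter of listen. The
    # separate "ssl on;" directive was dropped from this block: it is redundant
    # with "listen ... ssl", deprecated since nginx 1.15.0, and no longer
    # accepted by current nginx releases.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.tonsite.com;
    error_log /var/log/nginx/www.tonsite.com.error.log;
    root /var/www/www.tonsite.com;

    # Certificate chain and private key (Let's Encrypt layout). The key file
    # must stay readable only by root / the nginx master process.
    ssl_certificate /etc/letsencrypt/live/www.tonsite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.tonsite.com/privkey.pem;
    # Issuer chain used to verify stapled OCSP responses (ssl_stapling_verify).
    ssl_trusted_certificate /etc/letsencrypt/live/www.tonsite.com/chain.pem;

    # Only TLS 1.2 is offered; older protocol versions are refused.
    # NOTE(review): TLS 1.3 is not enabled here. Adding TLSv1.3 requires an
    # nginx/OpenSSL build that supports it - confirm before changing this line.
    ssl_protocols TLSv1.2;
    ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
    # AES-256 with ephemeral ECDH/DH key exchange only, so every session has
    # forward secrecy; anonymous (unauthenticated) suites are excluded.
    # NOTE(review): this pattern also matches CBC-mode suites. Expand it with
    # `openssl ciphers -v` on the target host to see exactly what is offered.
    ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
    # DH group for the EDH suites. This file is not part of the config and has
    # to be generated on the host; use at least 2048 bits.
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Session resumption through the shared server-side cache only. Tickets
    # are disabled so that no long-lived ticket key can undermine forward
    # secrecy.
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # OCSP stapling: nginx fetches the OCSP response itself and needs the
    # resolver below to look up the CA's responder.
    # NOTE(review): stapling only works when the certificate names an OCSP
    # responder. Let's Encrypt has been retiring its OCSP service, so check the
    # error log for a warning that ssl_stapling is being ignored.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 9.9.9.9;
    resolver_timeout 5s;

    # Security response headers. "always" makes nginx send them on error
    # responses (4xx/5xx) as well; without it they are only added to a fixed
    # list of success and redirect status codes.
    # These headers are inherited by a location only as long as that location
    # declares no add_header of its own - repeat them if one is added later.
    #
    # HSTS: two years, and it also covers every subdomain of this host. Make
    # sure all of them serve valid HTTPS before deploying.
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;
    # Legacy header: current browsers no longer implement the XSS auditor. A
    # Content-Security-Policy is the control to rely on; none is set here.
    add_header X-XSS-Protection "1; mode=block" always;

    # PHP requests are handed to PHP-FPM over a local Unix socket.
    # NOTE(review): snippets/fastcgi-php.conf is not shown here. Confirm that
    # it returns 404 for script paths that do not exist on disk before the
    # request reaches PHP-FPM.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/blogtw.sock;
    }

    # Static files and directories: serve what exists, otherwise 404.
    location / {
        try_files $uri $uri/ =404;
        index index.php;
    }
}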