Ce site est optimisé pour être consulté depuis un navigateur moderne dans lequel JavaScript est activé.

SSL A+ sous Nginx

liberodark

Bonjour,

Voici une configuration A+ en SSL pour nginx by @hmichael

server {
    listen 80;
    listen [::]:80;
    server_name www.tonsite.com;

    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
	return 301 https://$server_name:443$request_uri;
}

# HTTPS
server {
    listen 443 ssl http2;
	listen [::]:443 ssl http2;
    server_name www.tonsite.com;

    error_log /var/log/nginx/www.tonsite.com.error.log;

    root /var/www/www.tonsite.com;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/www.tonsite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.tonsite.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/www.tonsite.com/chain.pem;
    ssl_protocols TLSv1.2;
	ssl_ecdh_curve secp384r1;
    ssl_prefer_server_ciphers on;
	ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 1.1.1.1 9.9.9.9;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/blogtw.sock;
    }
    location / {
        try_files $uri $uri/ =404;
		index index.php;
    }
}

hmichael

liberodark Désormais tu pourras me tag sous mon vrai pseudonyme ;-)

Merci pour le crédit c'est de plus en plus rare cet honnêteté.