ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers PROFILE=SYSTEM; ssl_prefer_server_ciphers on; }EOF Note that if you are hosting for multiple domains, you can specify differentssl_certificateandssl_certificate_keyvalues for eachserver_nameconfiguration that you create in the...
include /etc/nginx/default.d/*.conf; ssl on; ssl_protocols TLSv1.2; ssl_certificate "server.pem"; ssl_certificate_key "server.key"; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_prefer_server_ciphers on; location / { limit_except GET POST PUT { deny all; } proxy_...
EXPORT57:RC4+RSA:+MEDIUM;#ssl_prefer_server_ciphers on;#ssl_session_cache shared:SSL:2m;#ssl_session_timeout 5m;###end #域名可以有多个,用空格隔开 server_name www.pipbest.com pipbest.com;index index.html index.htm index.php;root/data/www/pipbest;location~.*.(php|php5)?${fastcgi_pas...
:black_small_square:Top 25 Nginx Web Server Best Security Practices :black_small_square:Nginx Secure Web Server :black_small_square:Strong ciphers for Apache, Nginx, Lighttpd and more :black_small_square:Strong SSL Security on Nginx :black_small_square:Enable cross-origin resource sharing (CORS)...
+ new best practice ssl_ciphers example (nginx-win.conf) + fastcgi/upstream fix: http://forum.nginx.org/read.php?29,250947,251007#msg-251007 + form-input-nginx-module (https://github.com/calio/form-input-nginx-module) + Naxsi WAF conf\naxsi_core.rules updated 15-6-2014; File u...
:black_small_square: SSL Server Rating Guide :black_small_square: How to Build a Tough NGINX Server in 15 Steps :black_small_square: Top 25 Nginx Web Server Best Security Practices :black_small_square: Nginx Secure Web Server :black_small_square: Strong ciphers for Apache, Nginx, Lighttpd...
ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; location / { # 设置最大允许上传单个的文件大小 ...
2 TLSv1.3; ssl_prefer_server_ciphers off; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;...
# SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765...
location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH...