%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /etc/nginx/
Upload File :
Create Path :
Current File : //etc/nginx/ssl_params

#ssl  on;
ssl_session_timeout  1440m;
ssl_session_cache shared:SSL:130m;
#ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_dhparam /etc/nginx/dhparam.pem;

#ssl_stapling on;
#ssl_stapling_verify on;

ssl_ciphers EECDH+AESGCM:EDH+AESGCM;

#ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DES-CBC3-SHA;
#ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;
#ssl_ciphers [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]:[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
#ssl_ciphers [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]:[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;

#ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES256-SHA:DES-CBC3-SHA;
#ssl_ciphers [EECDH+CHACHA20|EECDH+AES128]:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

#Cloudflare
#ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;

ssl_prefer_server_ciphers   on;
#ssl_prefer_server_ciphers off;
add_header "Strict-Transport-Security" "max-age=31536000" always;
add_header "Content-Security-Policy" "upgrade-insecure-requests" always;
#add_header "Content-Security-Policy-Report-Only" "default-src data: 'unsafe-inline' 'unsafe-eval' https:;report-uri https://csp.varak.net/report.php" always;
#add_header "Content-Security-Policy-Report-Only" "default-src https:;report-uri https://waritko.report-uri.io/r/default/csp/reportOnly";
#add_header "Content-Security-Policy-Report-Only" "default-src https:;report-uri https://csp.varak.net/report.php";
#ssl_ecdh_curve brainpoolP512t1;

# Security headers
add_header "X-Content-Type-Options" "nosniff" always;
add_header X-Xss-Protection "1; mode=block" always;
add_header "Referrer-Policy" "strict-origin-when-cross-origin" always;
#add_header X-Frame-Options "SAMEORIGIN" always;

# Extect-CT
add_header "Expect-CT" "max-age=0, report-uri=\"https://waritko.report-uri.com/r/d/ct/reportOnly\"" always;

Zerion Mini Shell 1.0