shione: nginx: follow mozilla ssl recommendation

Renken 2024-07-30 01:20:35 +02:00
parent 91b27fb97b
commit 2f25948d3c
Signed by: renken
GPG key ID: 1F2BB159B645E575


@ -25,6 +25,7 @@ server {
# SSL configuration
#
# Partially generated by https://ssl-config.mozilla.org/.
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
@ -44,6 +45,18 @@ server {
ssl_certificate_key /etc/letsencrypt/live/shione.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
#
# See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security.
add_header Strict-Transport-Security "max-age=63072000" always;
# Prevent spam.
add_header X-Robots-Tag "noai, noimageai" always;
server_name shione.net www.shione.net;
location ~* \.(htaccess|htpasswd) {
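Review bot: The `ssl_stapling on;` / `ssl_stapling_verify on;` lines in the second hunk have no visible `ssl_trusted_certificate` or `resolver` directive. The nginx documentation calls for both: the issuer chain must be trusted for verification, and the OCSP responder's hostname has to be resolved. Unless they are set outside this hunk or in the included options-ssl-nginx.conf, stapling will probably fail quietly with only log warnings; consider adding `ssl_trusted_certificate <issuer-chain.pem>;` and `resolver <resolver-ip>;` (both placeholders) next to them. Separately, the two server-level `add_header` lines are inherited only by locations that declare no `add_header` of their own, so any such location in the rest of the server block, which continues past this hunk, would drop the HSTS header. The comment `# Prevent spam.` would be more accurate as `# Ask AI crawlers not to use this content (advisory, non-standard directives).`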