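# HTTPS server template. Every line is commented out; remove the leading '#'
# from the directives to enable it.
#
#server {
#    # The "ssl" parameter on listen replaces the standalone "ssl on;"
#    # directive, which is deprecated and removed from recent nginx releases.
#    listen       443 ssl;
#    server_name  _;
#
#    ssl_certificate      cert.pem;
#    ssl_certificate_key  cert.key;
#
#    # Only offer TLS 1.2 and 1.3. SSLv3 is exposed to POODLE, and the CBC
#    # suites of TLS 1.0 are exposed to BEAST; TLS 1.0 and 1.1 are both
#    # deprecated. TLSv1.3 needs an nginx built against an OpenSSL that
#    # supports it; drop it from the list on older builds.
#    ssl_protocols  TLSv1.2 TLSv1.3;
#
#    # Cipher list based on the Cloudflare recommendation, with the 3DES
#    # suites removed (64-bit block cipher, exposed to SWEET32).
#    # The RSA+AES entries use RSA key exchange and give no forward secrecy;
#    # they are kept for older clients, drop them if you do not need those.
#    ssl_ciphers  EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
#    ssl_prefer_server_ciphers  on;
#
#    ssl_session_cache    shared:SSL:20m;
#    # Session tickets are encrypted with a key that lives as long as the
#    # nginx master process unless ssl_session_ticket_key files are rotated;
#    # a long-lived ticket key weakens forward secrecy. Set this to "off"
#    # if you cannot rotate keys.
#    ssl_session_tickets  on;
#    ssl_session_timeout  30m;
#
#    # HSTS - tell browsers to use HTTPS exclusively for this host.
#    # includeSubdomains extends the policy to every subdomain, so enable it
#    # only once all of them serve HTTPS. "always" also sends the header on
#    # error responses.
#    add_header  Strict-Transport-Security "max-age=15768000; includeSubdomains" always;
#
#    # DH parameters are only used by DHE cipher suites; the ssl_ciphers list
#    # above contains none, so this matters only if you add DHE suites.
#    # Create the file with:
#    #   openssl dhparam -out /etc/nginx/ssl/dhparams_2048.pem 2048
#    ssl_dhparam  /etc/nginx/ssl/dhparams_2048.pem;
#
#    ssl_buffer_size  4k;
#
#    # If you want extra security at the cost of considerable pressure on
#    # the processor, pin the ECDHE curve to secp384r1:
#    ssl_ecdh_curve  secp384r1;
#
#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}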