## Name: nginx-tls.conf# Auth: James Lau # Date: 09 Dec 2015# Desc: Nginx SSL/TLS configuration for "A+" Qualys SSL Labs rating## Enables HTTP/2, PFS, HSTS and OCSP stapling. Configuration options not related# to SSL/TLS are omitted here.## Example: https://www.ssllabs.com/ssltest/analyze.html?d=yusky.me#server {listen [::]:80;listen 80;server_name domain.tld www.domain.tld;# Redirect all non-https requestsrewrite ^ https://$host$request_uri? permanent;}server {listen [::]:443 default_server ssl http2;listen 443 default_server ssl http2;server_name domain.tld www.domain.tld;# Certificate(s) and private keyssl_certificate /etc/ssl/domain.crt;ssl_certificate_key /etc/ssl/domain.key;# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bitsssl_dhparam /path/to/dhparam.pem;ssl_protocols TLSv1.2 TLSv1.1 TLSv1;ssl_prefer_server_ciphers on;ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;ssl_session_timeout 1d;ssl_session_cache shared:TLS:10m;ssl_session_tickets off;# OCSP staplingssl_stapling on;ssl_stapling_verify on;resolver 43.225.44.1; # hp.hupo.hk## verify chain of trust of OCSP response using Root CA and Intermediate certsssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;# Set HSTS to 365 daysadd_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';}
The icons in the upper left corner of Windows 7 Explorer are Favorites, Desktops, and various Librar
With the advantage of strong stability, embedded DVR is increasingly accepted by the security indust
1, what is light-emitting diode Light-emitting diodes are everywhere in everyday appliances, it can
Bill · Gates attitude towards software is: If you want good software, you have to pay for it.
Real-time synchronization of Linux and Windows system files
Linux installation ImageMagick and JMagick complete process and configuration tutorial
Linux is faster than windows executables
Tip: Generate crypt encrypted passwords under Linux
Threaded process classic linux article
After linux2.6.38, the kernel version calls open
Linking and loading of programs and implementation of dynamic linking under Linux
Linux command introduction: VI command application highlights
Two common startup failure resolution methods for Linux operation
Linux hwclock display and setting hardware clock command details
Mining the potential of Windows7 system to improve IE8 self-protection ability
Win7 system settings can not modify the text document TXT method
Experts teach you to set the Windows7 system IE8IE8 minimum window size
MSN in use privacy protection skills
How to close the Win8 virus protection program?
Win8.1 how to use AMD graphics card to view the memory size
Win 8 operating system application tips five
Win8 how to search for files Win8 powerful file search tutorial
How to use Win7 Ultimate Activation Tool? Win7 activation tool usage method