
If you are dealing with Nginx and ssl you might want to use this hardened ssl config


null9beta/nginx-ssl-config


If you are using nginx and run your site with SSL, you might want to add a rather strong SSL config to it.

Based on the information provided by raymii.org and the Mozilla Foundation on that topic, I just put that setup into some files that you can easily add to your nginx config. You can use the SSL Labs ssltest to check your setup. With the SSL config provided you will easily get an A rating. To make it to A+ you need to activate HSTS as well.

Setup Instructions

  1. Put the folder secrecy into /etc/nginx/
  2. Include the basic.conf of secrecy in your nginx.conf: include /etc/nginx/secrecy/basic.conf; (see the nginx.conf sample file)
  3. If you don't want to add it globally, you can also add it to your server definitions; see the sites-available sample
  4. Test your nginx config with: nginx -t
  5. Reload your webserver configuration: service nginx reload
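
An added example, not taken from this repository, of the per-server variant from step 3 with HSTS switched on as mentioned above for the A+ rating. example.com, the certificate paths and the document root are placeholders, and the contents of basic.conf are not shown on this page, so nothing here depends on them.

```nginx
# Added example, not the repository's sample file.
# example.com and all /etc/ssl and /var/www paths are placeholders.

# Plain HTTP only redirects. Browsers ignore an HSTS header that
# arrives over HTTP, so it is not set here.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/ssl/example/fullchain.pem;  # placeholder
    ssl_certificate_key /etc/ssl/example/privkey.pem;    # placeholder

    # Hardened TLS settings, included per server instead of globally.
    include /etc/nginx/secrecy/basic.conf;

    # HSTS for one year. "always" sends the header on error
    # responses too, not only on 2xx/3xx.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root /var/www/example;  # placeholder
        # Caveat: add_header is inherited from the server level only
        # when this block defines no add_header of its own. If you add
        # any header here, repeat the Strict-Transport-Security line.
    }
}
```

After the reload, confirm the header is actually served with curl -sI https://example.com/ before re-running the ssltest.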

Upcoming

I will also create a Salt formula that will install nginx with some helpful configuration, including that SSL one.

References

To create the dh4096.pem file that is needed, run

openssl dhparam -out dh4096.pem 4096

and move the file into the right location.
