Update 'config/nginx/nginx-default.conf'

2019-08-29 12:05:48 +02:00
parent b6bdbf5d98
commit dc56307ddd
1 changed files with 7 additions and 2 deletions
--- a/config/nginx/nginx-default.conf
+++ b/config/nginx/nginx-default.conf
@@ -28,11 +28,16 @@ http {
 	include /etc/nginx/mime.types;
 	default_type text/html;

-	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_protocols TLSv1.3 TLSv1.2;
 	ssl_prefer_server_ciphers on;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 180m;
+    ssl_ecdh_curve secp384r1;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+	add_header X-Frame-Options sameorigin;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Xss-Protection "1; mode=block";

    #access_log /var/log/nginx/access.log;
    access_log off;