|
@@ -21,11 +21,16 @@ server {
|
21
|
21
|
listen [::]:443 ssl;
|
22
|
22
|
server_name jitsi-meet.example.com;
|
23
|
23
|
|
24
|
|
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
25
|
|
- ssl_prefer_server_ciphers on;
|
26
|
|
- ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
|
|
24
|
+# Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
|
|
25
|
+ ssl_protocols TLSv1.2 TLSv1.3;
|
|
26
|
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
|
27
|
+ ssl_prefer_server_ciphers off;
|
27
|
28
|
|
28
|
|
- add_header Strict-Transport-Security "max-age=31536000";
|
|
29
|
+ ssl_session_timeout 1d;
|
|
30
|
+ ssl_session_cache shared:SSL:10m; # about 40000 sessions
|
|
31
|
+ ssl_session_tickets off;
|
|
32
|
+
|
|
33
|
+ add_header Strict-Transport-Security "max-age=63072000" always;
|
29
|
34
|
|
30
|
35
|
ssl_certificate /etc/jitsi/meet/jitsi-meet.example.com.crt;
|
31
|
36
|
ssl_certificate_key /etc/jitsi/meet/jitsi-meet.example.com.key;
|