# For permissions see: https://blog.kamal.io/post/nginx-and-ssl-root-key-security/
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;

ssl_dhparam /etc/nginx/certs/dhparam4096.pem;

#ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/chain.pem;

# For preload see: https://hstspreload.appspot.com
add_header Strict-Transport-Security "max-age=31536000; preload";
# valid for 365 days