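# TLS certificate material issued by Let's Encrypt (domain.tld is a placeholder).
# For permissions see: https://blog.kamal.io/post/nginx-and-ssl-root-key-security/
# privkey.pem is the only secret in this block. When nginx is started as root,
# the master process loads the key and the worker processes run as the
# unprivileged user, so the worker user needs no read access to the file.
ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;

# Diffie-Hellman parameters used for DHE cipher suites. These are public
# values, not key material.
ssl_dhparam /etc/letsencrypt/live/domain.tld/dhparams.pem;

# CA certificates nginx trusts when verifying OCSP responses (with
# ssl_stapling) and client certificates; this list is not sent to clients.
# NOTE(review): no ssl_stapling directive is visible in this snippet; confirm
# it is enabled elsewhere if stapling is intended.
ssl_trusted_certificate /etc/letsencrypt/live/domain.tld/chain.pem;

# For preload see: https://hstspreload.appspot.com
# HSTS: valid for 365 days, applies to every subdomain, and opts in to the
# browser preload lists. Preloading is slow to reverse, so confirm that every
# subdomain serves valid HTTPS before submitting the domain.
#
# "always" sends the header on error responses as well; without it nginx adds
# the header only to a fixed set of 2xx/3xx status codes, leaving 4xx/5xx
# responses without HSTS.
#
# add_header is inherited from the enclosing level only when the current level
# defines no add_header of its own, so a location block that adds any header
# must repeat this line or it silently loses HSTS.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

# Pinned certs: Lets-Enc-x1, Lets-Enc-x2
# NOTE(review): HTTP Public Key Pinning (RFC 7469) has been removed from the
# major browsers, so this header is no longer acted on and no reports should
# be expected from current clients. The pins name CA intermediates, which the
# CA can retire without notice; check the hashes against the chain actually
# served before relying on them. Left unchanged here as report-only; do not
# promote it to an enforcing Public-Key-Pins header.
add_header Public-Key-Pins-Report-Only 'pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="; report-uri="https://report-uri.io/report/12345678/reportOnly"; max-age=7776000';
# valid for 90 days (report-only)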