New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Nginx TLS configuration for maximum security
Almost every site that matters is now secured with TLS/SSL, but most of these site use weak ciphers. As i was configuring my own cloud storage site (well the backend is based on seafile) i decided to research TLS, Nginx and how they should be configured. I decided to target maximum security since i would upload important personal files. So heres my configuration
First reqruiments: Nginx built with Openssl 1.1.0g or Libressl 2.6.4
Use build script: Libressl or Openssl
For nginx conf use this (place your site specific conf to /etc/nginx/conf)
in your site specific .conf file add (copy paste) the following
(sources: https://raymii.org, https://scotthelme.co.uk
Thanked by 1ferri
Comments
Why is this in domain section?
You should also configure your crypto to use good algos and avoid e.g. sha-1 (which is still enabled in many default configs (incl. openssl itself).
Use firefox's https config generator. It will score you an A+.
This will score you 100% on everything
You can test cellarium.org
Yeah I have 4096 (RSA) SHA2 can from twathe