ssl labs nginx config/ciphers – a+ rating

How to get the a+ rating from ssl labs. Here is my nginx config with the ciphers: vim /etc/nginx/nginx.conf  ## # SSL Settings ## ssl_session_timeout 5m; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_ciphers ‚EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA‘; #add_header …

ssl labs nginx config/ciphers – a+ rating Weiterlesen »

nginx – how to hide the server version

How to hide the nginx server version for security reasons. Just use the server_tokens variable and restart the webserver afterwards. vim /etc/nginx/nginx.conf server_tokens off; systemctl reload nginx

nginx – create ssl certificate

How to create a ssl certificate for the nginx webserver: mkdir /etc/nginx/ssl openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt vim /etc/nginx/nginx.conf ssl on;ssl_certificate /etc/nginx/ssl/nginx.crt;ssl_certificate_key /etc/nginx/ssl/nginx.key; systemctl restart nginx

Nach oben scrollen