Configure SSL for nginx

Please refer to SSL Configuration Testing to test the current level of your SSL configuration.

Nginx Configuration

The following resource provides nginx configuration for strong SSL Configuration.

Below is an example of the Dhound nginx web server configuration that raised the SSL configuration from B level to A+ and increased the protection of the web site (for example, against clickjacking attacks):

/etc/nginx/nginx.conf

http {
    # SSL Settings
    # TLSv1 and TLSv1.1 are deprecated by RFC 8996; keep them only for legacy clients
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "HIGH:!RC4:!aNULL:!MD5:!kEDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
}

/etc/nginx/sites-enabled/<configfile>

server {
    listen 443 ssl; # the ssl parameter enables TLS on this listener (current form of "ssl on;")
    ssl_certificate /etc/ssl/<SSL Certificate>.crt;
    ssl_certificate_key /etc/ssl/private/<SSL Private key>.key;
    add_header Strict-Transport-Security "max-age=63072000; preload"; # force browser to always use HTTPS for this resource
    add_header X-Frame-Options DENY; # protect against clickjacking attacks
    add_header X-Content-Type-Options nosniff; # stop browsers from MIME-sniffing responses
}
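
One way to check a configuration file against the settings shown above, as an added example rather than Dhound's own tooling. The function names and the sample configurations are hypothetical, the legacy-protocol check rests on RFC 8996 rather than on this page, and include files and directive inheritance are not handled.

```python
import re

# Quote-aware tokens: quoted strings, comments, block/terminator chars, bare words.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|#[^\n]*|[{};]|[^\s{};"\'#]+')
# Values taken from the page's example configuration.
REQUIRED = {"ssl_prefer_server_ciphers": "on", "ssl_session_tickets": "off",
            "ssl_stapling": "on", "ssl_stapling_verify": "on"}
HEADERS = ("strict-transport-security", "x-frame-options", "x-content-type-options")
# Assumption beyond the page: RFC 8996 deprecates TLS 1.0 and 1.1.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_directives(conf):
    """Return [name, arg, ...] for each ';'-terminated directive."""
    out, cur = [], []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok in ("{", "}", ";"):
            if tok == ";" and cur:
                out.append(cur)
            cur = []  # a '{' discards the block header (e.g. "server")
        else:
            cur.append(tok.strip("\"'"))
    return out

def audit(conf):
    """List deviations from the page's baseline; an empty list means none found."""
    directives = parse_directives(conf)
    values = {d[0]: d[1:] for d in directives if d[0] != "add_header"}
    headers = {d[1].lower() for d in directives if d[0] == "add_header" and len(d) > 2}
    findings = [f"{name} should be '{want}'"
                for name, want in REQUIRED.items() if values.get(name) != [want]]
    legacy = LEGACY & set(values.get("ssl_protocols", []))
    if legacy:
        findings.append("legacy protocols enabled: " + ", ".join(sorted(legacy)))
    findings += [f"missing header {h}" for h in HEADERS if h not in headers]
    return findings

# The page's SSL settings and headers, condensed (listener and certificate lines omitted).
PAGE_CONF = '''
http { ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on;
  ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; }
server { add_header Strict-Transport-Security "max-age=63072000; preload"; # HSTS
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff; }
'''
# Constructed sample of a server left at weaker settings.
WEAK_CONF = "server { listen 443 ssl; ssl_protocols TLSv1.2; ssl_session_tickets on; }"

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("weak", WEAK_CONF)):
        print(label, audit(conf) or "matches baseline")
```

The quote-aware tokenizer matters here because the HSTS value contains a semicolon inside its quotes, which a naive split on ";" would cut in two.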

Published on Apr 11, 2017