Adds ssl stronger settings to default nginx config.

10 years ago · 14fe5d09d1
parent 83339382ab
commit 14fe5d09d1
1 changed files with 6 additions and 0 deletions
--- a/doc/debian/jitsi-meet/jitsi-meet.example
+++ b/doc/debian/jitsi-meet/jitsi-meet.example
@ -9,6 +9,12 @@ server {
    listen 443 ssl;
    server_name jitsi-meet.example.com;

+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!aNULL:!eNULL:!MEDIUM:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED";
+
+    add_header Strict-Transport-Security "max-age=31536000";
+
    ssl_certificate /var/lib/prosody/jitsi-meet.example.com.crt;
    ssl_certificate_key /var/lib/prosody/jitsi-meet.example.com.key;