Skip to content
Snippets Groups Projects
Select Git revision
  • master default
  • v1
  • btrfs-backup
3 results

mail.shore.co.il.conf

Blame
  • mail.shore.co.il.conf 1.57 KiB
    # vim: ft=nginx
    server {
        listen      80;
        listen      [::]:80;
        server_name imap.shore.co.il smtp.shore.co.il mta-sts.shore.co.il mta-sts.nehe.sr;
        include     snippets/robots-disallow-all.conf;
        include     snippets/ads-txt.conf;
        include     snippets/security-txt.conf;
        include     snippets/www-acme-challenge.conf;
    }
    
    server {
        listen                      443 ssl http2;
        listen                      [::]:443 ssl http2;
        server_name                 mta-sts.shore.co.il mta-sts.nehe.sr;
        root                        /var/www/mail.shore.co.il/;
        include                     snippets/robots-disallow-all.conf;
        include                     snippets/ads-txt.conf;
        include                     snippets/security-txt.conf;
    
        # Copied from snippetes/ssl.conf.
        add_header                  Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        add_header                  Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
        include                     snippets/common-headers.conf;
        ssl_certificate             /var/ssl/mail.crt;
        ssl_certificate_key         /var/ssl/mail.key;
        ssl_protocols               TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers                 !kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:AES256+ECDH:AES128:+SHA1;
        ssl_prefer_server_ciphers   on;
        ssl_session_cache           shared:SSL:50m;
        ssl_session_timeout         5m;
        ssl_stapling                on;
        ssl_stapling_verify         on;
        ssl_trusted_certificate     /etc/ssl/ocsp.pem;
    }