Select Git revision
mail.shore.co.il.conf
mail.shore.co.il.conf 1.57 KiB
# vim: ft=nginx
server {
listen 80;
listen [::]:80;
server_name imap.shore.co.il smtp.shore.co.il mta-sts.shore.co.il mta-sts.nehe.sr;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
include snippets/www-acme-challenge.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mta-sts.shore.co.il mta-sts.nehe.sr;
root /var/www/mail.shore.co.il/;
include snippets/robots-disallow-all.conf;
include snippets/ads-txt.conf;
include snippets/security-txt.conf;
# Copied from snippetes/ssl.conf.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
include snippets/common-headers.conf;
ssl_certificate /var/ssl/mail.crt;
ssl_certificate_key /var/ssl/mail.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers !kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:AES256+ECDH:AES128:+SHA1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/ocsp.pem;
}