Skip to content
Snippets Groups Projects
Select Git revision
  • master default
  • v1
  • btrfs-backup
3 results

mail.shore.co.il.conf

Blame
    • mail.shore.co.il.conf 1.57 KiB
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36 
    

    

    

    # vim: ft=nginx
server {
    listen      80;
    listen      [::]:80;
    server_name imap.shore.co.il smtp.shore.co.il mta-sts.shore.co.il mta-sts.nehe.sr;
    include     snippets/robots-disallow-all.conf;
    include     snippets/ads-txt.conf;
    include     snippets/security-txt.conf;
    include     snippets/www-acme-challenge.conf;
}

server {
    listen                      443 ssl http2;
    listen                      [::]:443 ssl http2;
    server_name                 mta-sts.shore.co.il mta-sts.nehe.sr;
    root                        /var/www/mail.shore.co.il/;
    include                     snippets/robots-disallow-all.conf;
    include                     snippets/ads-txt.conf;
    include                     snippets/security-txt.conf;

    # Copied from snippetes/ssl.conf.
    add_header                  Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header                  Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
    include                     snippets/common-headers.conf;
    ssl_certificate             /var/ssl/mail.crt;
    ssl_certificate_key         /var/ssl/mail.key;
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers                 !kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:AES256+ECDH:AES128:+SHA1;
    ssl_prefer_server_ciphers   on;
    ssl_session_cache           shared:SSL:50m;
    ssl_session_timeout         5m;
    ssl_stapling                on;
    ssl_stapling_verify         on;
    ssl_trusted_certificate     /etc/ssl/ocsp.pem;
}