Web server configuration for Nginx

server { listen 80; server_name example.com;

return 301 https://example.com$request_uri; }

server { listen 443 http2 ssl; listen [::]:443 http2 ssl;

server_name example.com;

# tell users to go to SSL version next time add_header Strict-Transport-Security "max-age=15768000; includeSubdomains;" always;

ssl_protocols              TLSv1.3; ssl_ciphers                TLS-CHACHA20-POLY1305-SHA25:TLS-AES-256-GCM-SHA:!aNULL:!eNULL:!EXPORT; ssl_prefer_server_ciphers  on; ssl_session_cache          shared:SSL:5m; ssl_stapling               off; ssl_dhparam                /etc/ssl/certs/dhparam.pem; ssl_trusted_certificate    certs.d/ca.cer; ssl_certificate_key        certs.d/example_com.key; ssl_certificate            certs.d/example_com.cer;

# Enable session tickets ssl_session_tickets on;

root /var/www/example.com; index index.html;

location / { try_files $uri $uri/ =404; }   }

'''