nginx/sites-available/base

server {
	listen   443 ssl;
	listen   [::]:443 ssl;

    
    

	access_log off;
	error_log /dev/null crit;

    
    ssl_certificate                 /etc/ssl/certs/*.hamburg.freifunk.net.crt;
    ssl_certificate_key             /etc/ssl/private/*.hamburg.freifunk.net.key;
    

	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 10m;

	# Only strong ciphers in PFS mode
	ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	# Don't allow to get framed by sites that aren't on the same domain
	add_header X-Frame-Options SAMEORIGIN;

	# Tell clients never to use http or self-signed (!) certificates
	# There's no way to bypass this option after it has been cached!
	add_header Strict-Transport-Security max-age=31536000;

	location ~ /\. {
		deny all;
		access_log off;
		log_not_found off;
	}

    
    
}
Konfiguration gefixt und massiv aufgeräumt SSL Redirects funktionieren jetzt 2015-01-31 07:47:41 +01:00			`server {`
			`listen 443 ssl;`
			`listen [::]:443 ssl;`




			`access_log off;`
			`error_log /dev/null crit;`


			`ssl_certificate /etc/ssl/certs/*.hamburg.freifunk.net.crt;`
			`ssl_certificate_key /etc/ssl/private/*.hamburg.freifunk.net.key;`


			`ssl_prefer_server_ciphers on;`
			`ssl_session_cache shared:SSL:10m;`
			`ssl_session_timeout 10m;`

			`# Only strong ciphers in PFS mode`
			`ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA;`
			`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`

			`# Don't allow to get framed by sites that aren't on the same domain`
			`add_header X-Frame-Options SAMEORIGIN;`

			`# Tell clients never to use http or self-signed (!) certificates`
			`# There's no way to bypass this option after it has been cached!`
			`add_header Strict-Transport-Security max-age=31536000;`

			`location ~ /\. {`
			`deny all;`
			`access_log off;`
			`log_not_found off;`
			`}`



			`}`