First, the Nginx configuration of the site:

    # Redirect all plain-HTTP requests to HTTPS
    server {
        listen 80;
        #listen [::]:80;
        server_name dobyi.com www.dobyi.com;
        rewrite ^/(.*) https://dobyi.com/$1 permanent;
    }

    # HTTPS site; the TLS settings are pulled in from ssl.conf
    server {
        listen 443;
        server_name dobyi.com www.dobyi.com;
        include ssl.conf;
        ssl_certificate     /■■■■■/ssl/dobyi/dobyi.pem;
        ssl_certificate_key /■■■■■/ssl/dobyi/dobyi.key;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /■■■■■/dobyi.com;
        #... ...#
    }
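Then ssl.conf:

    # "ssl on" is deprecated since nginx 1.15.0; newer versions use "listen 443 ssl;" instead
    ssl on;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for legacy clients
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /■■■■■/ssl/dhparam.pem;
    # HSTS, max-age of 180 days
    add_header Strict-Transport-Security max-age=15552000;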
The dhparam.pem file referenced above can be generated with the following command (this step takes a long time, usually about five minutes, depending on the performance of the VPS):

openssl dhparam -out dhparam.pem 4096

Finally, restart Nginx!
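To review the ssl.conf above before restarting, the following added example (not part of the original article) parses its directives and lists the settings a defender would want to revisit. The function names and the 180-day HSTS threshold are assumptions, and the embedded sample is the page's ssl.conf with the redacted dhparam path left out.

```python
import re

# The ssl.conf directives from this page, with the redacted dhparam path left out.
SSL_CONF = """
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15552000;
"""

OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996


def parse_directives(text):
    """Map directive name -> list of argument lists (flat, one-line directives only)."""
    text = re.sub(r"#[^\n]*", "", text)  # strip comments
    directives = {}
    for stmt in text.split(";"):
        tokens = stmt.split()
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives


def audit(text, min_hsts_age=15552000):  # threshold is an assumption (180 days)
    d = parse_directives(text)
    findings = []
    enabled = {p for args in d.get("ssl_protocols", []) for p in args}
    for proto in sorted(enabled & OLD_PROTOCOLS):
        findings.append(f"protocol {proto} is deprecated")
    for args in d.get("ssl_ciphers", []):
        for suite in "".join(args).split(":"):
            if suite.startswith(("!", "-")):
                continue  # exclusions, not offered suites
            if "3DES" in suite:
                findings.append(f"cipher {suite}: 3DES has a 64-bit block")
            if suite.startswith("RSA"):  # OpenSSL "RSA" selects RSA key exchange
                findings.append(f"cipher {suite}: RSA key exchange, no forward secrecy")
    hsts = [" ".join(a[1:]) for a in d.get("add_header", [])
            if a and a[0].lower() == "strict-transport-security"]
    age = re.search(r"max-age=(\d+)", hsts[0]) if hsts else None
    if age is None or int(age.group(1)) < min_hsts_age:
        findings.append("HSTS header missing or max-age too short")
    if ["on"] not in d.get("ssl_stapling", []):
        findings.append("OCSP stapling is off")
    return findings


if __name__ == "__main__":
    for finding in audit(SSL_CONF):
        print("-", finding)
```

The parser handles only flat `name args;` directives, which is all ssl.conf contains; it does not follow `include` or nested blocks.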

Last modification: November 17, 2017