# vim: ft=nginx include root-base.conf; http { include http-base.conf; include hosted-http-base.conf; include rate-limiting.conf; server { include server-base.conf; add_header Strict-Transport-Security "max-age=63072000; preload"; listen 443 default; ssl on; ssl_certificate ./stack/ssl.cert; ssl_certificate_key ./stack/ssl.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_prefer_server_ciphers on; } server { include proxy-protocol.conf; include server-base.conf; add_header Strict-Transport-Security "max-age=63072000; preload"; listen 8443 default proxy_protocol; ssl on; ssl_certificate ./stack/ssl.cert; ssl_certificate_key ./stack/ssl.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_prefer_server_ciphers on; } }