server { listen 443 ssl http2 ; listen [::]:443 ssl http2; server_name reuz.lapinbilly.eu; root /usr/local/www/element/; index index.html index.php index.htm; access_log /var/log/nginx/riot.access.log; error_log /var/log/nginx/riot.error.log; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Frame-Options "SAMEORIGIN" always; add_header Strict-Transport-Security "max-age=31536000"; ssl_dhparam /usr/local/etc/nginx/dhparam.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ecdh_curve X25519:P-521:P-384:P-256; ssl_prefer_server_ciphers on; ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"; ssl_session_cache shared:SSL:10m; ssl_session_timeout 15m; ssl_session_tickets off; ssl_certificate /usr/local/etc/letsencrypt/live/reuz.lapinbilly.eu/fullchain.pem; ssl_certificate_key /usr/local/etc/letsencrypt/live/reuz.lapinbilly.eu/privkey.pem; location / { try_files $uri $uri/ =404; } location = /robots.txt { allow all; log_not_found off; access_log off; } location = /favicon.ico { log_not_found off; access_log off; } }