by Devin Yang
(This article was automatically translated.)

Published - 8 years ago ( Updated - 8 years ago )

This article describes how to adjust the ssl settings of nginx so that the website can obtain an SSL report and get an A+ rating.
Here I am using letsencrypt free credentials.
As long as you use the Docker official nginx new version image preset by D-Laravel,
Should be able to achieve the same effect as mine.

The following is the SSL detection URL, which can be used to detect the SSL settings on your host:
https://www.ssllabs.com/ssltest/index.html

There are pictures and the truth, let’s take a look at my results first..:), it is very simple to set up on Nginx.
ssl a plus rating

The following is the complete ssl configuration file I use in D-Laravel , you can download it for reference and adjust it yourself:
Full configuration file : ccc-ssl.conf

It mainly includes the following settings:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_certificate /etc/nginx/conf.d/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/conf.d/ssl/privkey.pem;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:HIGH:!aNULL:!eNULL :!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!SEED:!DSS:!CAMELLIA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/nginx/conf.d/ssl/dhp-512.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/conf.d/ssl/chain.pem;

Additionally, I generate a set of 512-bit diffie-hellman ( Diffie-Hellman key exchange ) parameters to improve the security of certain types of ciphers.
For example: (4096 will take a long time, you can use 2048 or I use 512.)

You can use the openssl command on the terminal to generate the file
openssl dhparam -out dhp-2048.pem 2048

 

Tags: nginx dlaravel

Devin Yang

Feel free to ask me, if you don't get it.:)

No Comment

Post your comment

Login is required to leave comments

Similar Stories


docker,dlaravel

D-Laravel 1.5.5 Change Notes

D-Laravel's fpm image was rebuilt using the official dockerfile of docker php before php 7.2.1. And so I can specify that the default owner of fpm is dlaravel, --with-fpm-user=USER Set the user for php-fpm to run as. (default: nobody) --with-fpm-group=GRP Set the group for php-fpm to run as.

dlaravel

D-Laravel v1.5.0 is a new version.

1. Change the image generation method of fpm, optimize dockerfiles/fpm/php7.x/Dockerfiles, and make it easier to set and adjust extension packages. 2. Adjust docker-compose-build.yml, and in the Project directory of D-Laravel, You can quickly build your own image through ./console build. And many more changes....

dlaravel

Use D-Laravel to build your own dedicated php fpm image.

D-Laravel has provided a built php image, if you need to adjust it yourself and build your own dedicated image is quite simple. 1. First, enter dockerfiles/fpm in D-Laravel, and select the PHP version you want to build, such as 7.2. The command is as follows...