by Devin Yang
(This article was automatically translated.)

Published - 8 years ago ( Updated - 8 years ago )

This article describes how to adjust the SSL settings of nginx so that the website gets an A+ rating in the SSL test report.
Here I am using free Let's Encrypt certificates.
As long as you use the new official Docker nginx image that D-Laravel uses by default,
you should be able to achieve the same result as mine.

The following is the SSL test URL, which you can use to check the SSL settings on your host:
https://www.ssllabs.com/ssltest/index.html

A picture is worth a thousand words, so let's take a look at my results first. :) It is very simple to set up on Nginx.
[Image: SSL A+ rating]

The following is the complete SSL configuration file I use in D-Laravel; you can download it for reference and adjust it yourself:
Full configuration file: ccc-ssl.conf

It mainly includes the following settings:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_certificate /etc/nginx/conf.d/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/conf.d/ssl/privkey.pem;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:HIGH:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!SEED:!DSS:!CAMELLIA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/nginx/conf.d/ssl/dhp-512.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/conf.d/ssl/chain.pem;
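An added example, not part of the original article or of D-Laravel: a Python audit of a config string for three things the directives above depend on, namely an HSTS header that carries `always`, an `ssl_ciphers` list that is a single argument (a space inside the list splits it in two and nginx rejects the directive), and `ssl_stapling_verify` paired with `ssl_trusted_certificate`. The function names, finding labels and the 180-day HSTS threshold are assumptions, and the sample config is constructed from the article's directives.

```python
import re

# Constructed sample based on the directives listed in the article (cipher list shortened).
SAMPLE_CONF = '''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:HIGH:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/conf.d/ssl/chain.pem;
'''
MIN_HSTS_AGE = 15552000  # 180 days: assumed threshold, not a value from the article
MUST_EXCLUDE = ("!aNULL", "!eNULL", "!RC4", "!3DES", "!MD5")
TOKEN = re.compile(r'#[^\n]*|"[^"]*"|\'[^\']*\'|;|[^\s;]+')

def parse_directives(conf):
    """Return {name: [args, ...]} for simple directives; a quoted string stays one argument."""
    out, cur = {}, []
    for tok in TOKEN.findall(conf):
        if tok == ";" and cur:            # end of a directive: record name and arguments
            out.setdefault(cur[0], []).append([t.strip("\"'") for t in cur[1:]])
        if tok in (";", "{", "}"):        # block headers such as "server {" are discarded
            cur = []
        elif not tok.startswith("#"):     # comments are skipped
            cur.append(tok)
    return out

def audit(conf):
    """List the TLS hardening problems found in an nginx config string."""
    d, findings = parse_directives(conf), []
    hsts = [a for a in d.get("add_header", []) if a and a[0].lower() == "strict-transport-security"]
    if not hsts:
        findings.append("hsts-missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0][1]) if len(hsts[0]) > 1 else None
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("hsts-max-age-too-short")
        if "always" not in hsts[0][2:]:   # without it the header is omitted on error responses
            findings.append("hsts-not-sent-on-error-responses")
    ciphers = d.get("ssl_ciphers", [[]])[-1]
    if len(ciphers) != 1:                 # nginx tokenizes on whitespace
        findings.append("ssl_ciphers-absent-or-split-by-whitespace")
    elif any(x not in ciphers[0].split(":") for x in MUST_EXCLUDE):
        findings.append("ssl_ciphers-missing-exclusion")
    if d.get("ssl_stapling_verify", [[]])[-1] == ["on"] and "ssl_trusted_certificate" not in d:
        findings.append("stapling-verify-without-trusted-certificate")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "no findings")
```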

Additionally, I generate a set of 512-bit Diffie-Hellman (Diffie-Hellman key exchange) parameters to improve the security of certain types of ciphers.
For example: (4096 will take a long time; you can use 2048, or 512 as I do.)

You can use the openssl command in a terminal to generate the file:
openssl dhparam -out dhp-2048.pem 2048

 

Tags: nginx dlaravel
