server $${instance-parameter:ipv4-random}:$${publish-connection-parameter:frontend-port};
}
}
server {
server {
...
@@ -75,16 +75,16 @@ server {
...
@@ -75,16 +75,16 @@ server {
# based on Mozilla Guideline v5.6
# based on Mozilla Guideline v5.6
##
##
# ssl_protocols TLSv1.2 TLSv1.3;
ssl_protocols TLSv1.2 TLSv1.3;
# ssl_prefer_server_ciphers on;
ssl_prefer_server_ciphers on;
# ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; # add ECDHE-RSA-AES256-SHA if you want compatibility with Android 4
# ssl_session_timeout 1d; # defaults to 5m
ssl_session_timeout 1d; # defaults to 5m
# ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
# ssl_session_tickets off;
ssl_session_tickets off;
# ssl_stapling on;
ssl_stapling on;
# ssl_stapling_verify on;
ssl_stapling_verify on;
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives