How to configure secure HTTPs with nginx

There is a big variety of ways how to configure nginx web server in regards to SSL ciphers, headers and other features. This is our recommended way to reach A+ rating with SSLLabs and ensure can connect to your resource.

Step-by-step guide

  1. Install nginx
  2. Receive certificates using Let's Encrypt or other certificate issuer
  3. Configure nginx with these parameters for ssl mode:

        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384;
        ssl_ecdh_curve secp384r1;
        add_header Strict-Transport-Security "max-age=31536000";
        ssl_protocols TLSv1.2;

More information in (in Russian)