Verified Commit 10741449 authored by Elias Ojala's avatar Elias Ojala
Browse files

ssl-params change resolver

parent 1c1badfd
......@@ -14,7 +14,9 @@ ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 valid=300s;
# Replace with your own resolvers if preferred
# This example is using UncensoredDNS, see https://uncensoreddns.org/ for details.
resolver 91.239.100.100 89.233.43.71 valid=300s;
resolver_timeout 5s;
add_header X-Content-Type-Options nosniff;
......
......@@ -115,7 +115,7 @@ ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Replace with the domain's HSTS policy
add_header Strict-Transport-Security "max-age=63072000";
add_header Strict-Transport-Security "max-age=63072000" always;
```
## SSL params
......
......@@ -39,7 +39,7 @@ sudo reboot
## Generate keys
```bash
wg genkey | tee privatekey | wg pubkey > publickey
umask 077; wg genkey | tee privatekey | wg pubkey > publickey
```
(recommended to run as `root`)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment