ssl-params change resolver

10741449 · Elias Ojala · 1c1badfd · 10741449 · 10741449 · 10741449
Verified Commit 10741449 authored Mar 18, 2019 by Elias Ojala
--- a/_includes/nginx/ssl-params.conf
+++ b/_includes/nginx/ssl-params.conf
@@ -14,7 +14,9 @@ ssl_prefer_server_ciphers on;
 ssl_stapling on;
 ssl_stapling_verify on;

-resolver 1.1.1.1 1.0.0.1 valid=300s;
+# Replace with your own resolvers if preferred
+# This example is using UncensoredDNS, see https://uncensoreddns.org/ for details.
+resolver 91.239.100.100 89.233.43.71 valid=300s;
 resolver_timeout 5s;

 add_header X-Content-Type-Options nosniff;

--- a/certbot.md
+++ b/certbot.md
@@ -115,7 +115,7 @@ ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

 # Replace with the domain's HSTS policy
-add_header Strict-Transport-Security "max-age=63072000";
+add_header Strict-Transport-Security "max-age=63072000" always;
 ```

 ## SSL params

--- a/wireguard.md
+++ b/wireguard.md
@@ -39,7 +39,7 @@ sudo reboot
 ## Generate keys

 ```bash
-wg genkey | tee privatekey | wg pubkey > publickey
+umask 077; wg genkey | tee privatekey | wg pubkey > publickey
 ```

 (recommended to run as `root`)