ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_certificate /etc/letsencrypt/live/aninix.net-0001/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/aninix.net-0001/privkey.pem; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers "!NULL:!SSLv2:!SSLv3:!TLSv1:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_prefer_server_ciphers on; add_header "Strict-Transport-Security" "max-age=63072000; includeSubDomains; preload"; add_header "X-Content-Type-Options" "nosniff"; add_header "Public-Key-Pins" "pin-sha256=\"JYR9Zo608E/dQLErawdAxWfafQJDCOtsLJb+QdneIY0=\"; max-age=315360000; includeSubDomains"; add_header "X-XSS-Protection" "1; mode=block"; add_header "X-Frame-Options" "SAMEORIGIN"; # Cross-Origin Resource Sharing # add_header 'Access-Control-Allow-Origin' '*' always; # add_header 'Access-Control-Allow_Credentials' 'true' always; # add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range' always; # add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always;