server {
listen 443 ssl default_server;
server_name exemple.com;
ssl on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /path_to/exemple.crt;
ssl_certificate_key /path_to/exemple.key;
ssl_ciphers 'HIGH:!aNULL:!MD5:!kEDH';
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/cert/ca-certs.pem;
ну и в начале конфы виртуал хоста, перманентное перенаправление на https
server{
listen 80 default_server;
server_name exemple.com;
rewrite ^(/.*)$ https://$host$1 permanent;
}
habrahabr.ru/post/254231