SSL / TLS
server {
listen 443 ssl;
server_name www.example.com;
# The certificate file
# Support chained certificate
ssl_certificate www.example.com.crt;
# The private key file
ssl_certificate_key www.example.com.key;
}
DH param
Generate DH param file
openssl dhparam 4096 -out /etc/nginx/dhparam.pem
server {
ssl_dhparam /etc/nginx/dhparam.pem;
}