From ecc7eb24280bbe5b2b78bfad94792554607e339d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Peters?=
Date: Wed, 5 May 2021 22:57:42 +0200
Subject: [PATCH] Update u_e-nginx.md

---
 docs/u_e-nginx.md | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/docs/u_e-nginx.md b/docs/u_e-nginx.md
index 9743b6e55..9581dd9b6 100644
--- a/docs/u_e-nginx.md
+++ b/docs/u_e-nginx.md
@@ -6,10 +6,17 @@ nano data/conf/nginx/my_custom_site.conf
 
 A good template to begin with:
 
-``` hl_lines="9"
+``` hl_lines="16"
 server {
 ssl_certificate /etc/ssl/mail/cert.pem;
 ssl_certificate_key /etc/ssl/mail/key.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+ ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
 index index.php index.html;
 client_max_body_size 0;
 root /web;
@@ -31,10 +38,17 @@ server {
 
 Another example with a reverse proxy configuration:
 
-``` hl_lines="9 21"
+``` hl_lines="16 28"
 server {
 ssl_certificate /etc/ssl/mail/cert.pem;
 ssl_certificate_key /etc/ssl/mail/key.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+ ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
 index index.php index.html;
 client_max_body_size 0;
 root /web;