OpenWrt_x86-r2s-r4s-r5s-N1/files/etc/nginx/conf.d/ssl.conf.sample

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl;
        server_name xxx.com;
        index luci index.html index.htm index.php default.html default.htm default.php;
        root  /www;

	ssl_certificate '/etc/nginx/conf.d/_lan.crt';
	ssl_certificate_key '/etc/nginx/conf.d/_lan.key';
	ssl_session_timeout '64m';
	ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
	ssl_session_cache 'shared:SSL:10m';
		
        #include rewrite/other.conf;
        #error_page   404   /404.html;

		location = /(robots.txt|favicon.ico) {
			log_not_found off;
		}

		location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
			expires 30d;
		}

		location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
			add_header Access-Control-Allow-Origin "*";
			expires 7d;
		}

		location ~ /\.(?!well-known) {
			deny all;
		}
		
		include conf.d/*.locations;
    }
	
	server {
        listen 80;
		server_name xxx.com www.xxx.com;
		return 301 https://$host$request_uri;	
		}