From 093d23c3a840f9ac15a3cfde369be37a454495b6 Mon Sep 17 00:00:00 2001
From: mischaikow
Date: Thu, 4 Jul 2024 15:33:40 -0400
Subject: [PATCH] Certbot try six
---
 nginx/docker-compose.yml | 3 +--
 nginx/nginx.conf | 9 +++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/nginx/docker-compose.yml b/nginx/docker-compose.yml
index 2ad2e75..39c5ff8 100644
--- a/nginx/docker-compose.yml
+++ b/nginx/docker-compose.yml
@@ -4,8 +4,7 @@ services:
 command: sh -c "certbot certonly --standalone -d mischaikow.com --text --agree-tos --email mischaik@gmail.com --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --verbose --keep-until-expiring --preferred-challenges=http"
 container_name: certbot
 volumes:
- - ./nginx/certbot:/etc/letsencrypt
- - ./nginx/certbot-data:/var/lib/letsencrypt
+ - "letsencrypt:/etc/letsencrypt"
 volumes:
 letsencrypt:
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 00363ec..1915201 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -5,8 +5,13 @@ server {
 listen 443 ssl;
 ssl_certificate /etc/letsencrypt/live/mischaikow.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/mischaikow.com/privkey.pem;
- include /etc/letsencrypt/options-ssl-nginx.conf;
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+ ssl_session_timeout 5m;
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'EECDH+AESGCM: EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ ssl_prefer_server_ciphers on;
+
+ ssl_session_cache shared:SSL:10m;
+ ssl_dhparam dhparam.pem;
 location / {
 proxy_pass http://mischaikow-frontend:4173/;
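Review bot: The named volume on the added line `- "letsencrypt:/etc/letsencrypt"` now holds `privkey.pem` and the ACME account key, and certbot is the only service that needs write access to it. The nginx service definition is outside this hunk, so its mount could not be checked; it should take the same volume read-only, e.g. `- "letsencrypt:/etc/letsencrypt:ro"`, so that a compromise of the internet-facing container cannot alter certificates or renewal configuration. A comment above the mount such as `# TLS private keys live here; mount :ro everywhere except certbot` would record that intent.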
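Review bot: `ssl_protocols TLSv1.2;` in the added block leaves TLS 1.3 disabled, which the removed certbot include would normally have offered; `ssl_protocols TLSv1.2 TLSv1.3;` keeps the floor at 1.2 without losing the newer protocol. `ssl_dhparam dhparam.pem;` is a relative path, which nginx resolves against its configuration prefix, and nothing in this commit creates or mounts that file, so the configuration will fail to load unless the image already ships it; an absolute path to a file on a mounted volume would make the dependency explicit. The cipher string has a stray space after the first colon (`'EECDH+AESGCM: EDH+AESGCM:...'`), and the `AES256+EECDH` and `AES256+EDH` entries also admit CBC suites, so restricting the list to the AEAD (`AESGCM`) entries is worth considering. The server block starts and continues outside the hunk.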