# server {
#         listen 443 ssl http2;

#         ssl_certificate /etc/nginx/cert/bjornjohansen.no.certchain.crt;
#         ssl_certificate_key /etc/nginx/cert/bjornjohansen.no.key;

#         ssl_session_cache shared:SSL:20m;
#         ssl_session_timeout 60m;

#         ssl_prefer_server_ciphers on;

#         ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

#         ssl_dhparam /etc/nginx/cert/dhparam.pem;

#         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

#         ssl_stapling on;
#         ssl_stapling_verify on;
#         ssl_trusted_certificate /etc/nginx/cert/trustchain.crt;
#         resolver 8.8.8.8 8.8.4.4;

#         add_header Strict-Transport-Security "max-age=31536000" always;
# }