events {
  worker_connections  4096;  ## Default: 1024
}
http
{

	server
	{
		listen 443 ssl http2;
		ssl_reject_handshake on;
		ssl_protocols TLSv1.3 TLSv1.2;
	}
	server
	{
		server_name ban.vlu2.ml;
		listen 443 ssl http2;
		charset utf-8;
		ssl_certificate /root/.acme.sh/ban.vlu2.ml/fullchain.cer;
		ssl_certificate_key /root/.acme.sh/ban.vlu2.ml/ban.vlu2.ml.key;
		ssl_session_timeout 1d;
		ssl_session_cache shared:MozSSL:40m;
		ssl_session_tickets on;
		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
		ssl_protocols         TLSv1.3 TLSv1.2;
		ssl_ciphers           DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM;
		ssl_prefer_server_ciphers on;
		root /root/ban/;
	}
}