# Copyright (C) Internet Systems Consortium, Inc. ("ISC") # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. # uncomment to choose an appropriate UID/GID; default is 'nobody' # user bind bind; worker_processes auto; pid /var/run/nginx.pid; events { worker_connections 1024; multi_accept on; } stream { upstream dns_tcp_servers { server 127.0.0.1:8853; } server { listen 853 ssl; proxy_pass dns_tcp_servers; # update to a suitable SSL certificate (e.g. from LetsEncrypt), # and uncomment the following lines: # ssl_certificate /etc/nginx/lego/certificates/.crt; # ssl_certificate_key /etc/nginx/lego/certificates/.key; ssl_protocols TLSv1.2; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_session_tickets on; ssl_session_timeout 4h; ssl_handshake_timeout 30s; } }