Removes SSL configuration to point users to the Mozilla SSL Configuration Generator

Running-Mastodon/Production-guide.md

@@ -181,7 +181,7 @@ CREATE USER mastodon CREATEDB;
 
 You need to configure [nginx](http://nginx.org) to serve your [Mastodon](https://github.com/tootsuite/mastodon/) instance.
 
-**Reminder: Replace all occurrences of example.com with your own instance's domain or sub-domain.**
+**Reminder: Replace all occurrences of example.com with your own instance's domain or sub-domain. And find a good security template to complete this sample file (You can get one here : https://mozilla.github.io/server-side-tls/ssl-config-generator/).**
 
 `cd` to `/etc/nginx/sites-available` and open a new file:
 
@@ -209,13 +209,20 @@ server {
   listen [::]:443 ssl http2;
   server_name example.com;
 
-  ssl_protocols TLSv1.2;
+  ####################
-  ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+  # SECURITY WARNING #
-  ssl_prefer_server_ciphers on;
+  ####################
-  ssl_session_cache shared:SSL:10m;
+  #
-
+  # Providing a state of the art TLS configuration
-  ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
+  # is beyond the scope of this documentation.
-  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+  #
+  # You need to replace this comment with a proper
+  # ssl configuration template for nginx.
+  #
+  # If you don't know were to start, you can get one here :
+  # https://mozilla.github.io/server-side-tls/ssl-config-generator/
+  #
+  # This configuration file won't work without ssl configuration directives.
 
   keepalive_timeout    70;
   sendfile             on;
@@ -232,8 +239,6 @@ server {
   gzip_http_version 1.1;
   gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
 
-  add_header Strict-Transport-Security "max-age=31536000";
-
   location / {
     try_files $uri @proxy;
   }