nginx.conf

events {
}

http {
    server {
        gzip on;
        gzip_disable "msie6";

        gzip_comp_level 6;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_proxied any;
        gzip_types
            text/plain
            text/css
            text/js
            text/xml
            text/javascript
            application/javascript
            application/json
            application/xml
            application/rss+xml
            image/svg+xml;

        access_log /var/log/nginx/access.log combined;

        listen 80;

        # enable HTTP2 to speed up (multiplexing feature etc)
        listen 443 ssl http2;

        # Enable SSL cache to speed up for return visitors
        ssl_session_cache   shared:SSL:50m; # speed up first time. 1m ~= 4000 connections
        ssl_session_timeout 4h;
        ssl_protocols TLSv1.2 TLSv1.3;

        # Specify cipher
        ssl_prefer_server_ciphers on;  # prefer a list of ciphers to prevent old and slow ciphers
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';


        # Enable TLS
        charset utf-8;
        ssl_certificate /etc/nginx/YOUR_PEM.pem;
        ssl_certificate_key /etc/nginx/YOUR_KEY.pem;

        # OCSP
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate  /path/to/YOUR_PERM.pem;

        # To serve smaller requests (json/html/images etc) smaller ssl_buffer_size reduces latency but adds overhead
        # larger value decreases overhead but adds latency. Thus if TTFB is critical, use a smaller value (<=4K). See:
        # https://github.com/igrigorik/istlsfastyet.com/issues/63
        ssl_buffer_size 4k;

	# YOUR_OTHER_NGINX_CONFIG_HERE
    }
}