server {
  listen 10.8.0.1:443 ssl http2;
  #listen [::]:443 ssl http2;
  server_name keys.ins;

  ssl_certificate /etc/nginx/ssl/keys-ins.chain.crt;
  ssl_certificate_key /etc/nginx/ssl/keys-ins.key.pem;

  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_protocols TLSv1.2;

  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

  ssl_prefer_server_ciphers on;

  ssl_stapling on;
  ssl_stapling_verify on;

  root /var/www/keys;
  location / {
    autoindex on;
  }
}