ansible/roles/nginx/templates/example_ssl.conf.2
Till Maas 8f7acb0dde Increase HSTS max age to one year
The HSTS preload list requires this now: https://hstspreload.org/
2018-02-07 12:42:36 +01:00


# HTTPS server
#
# Example TLS virtual host, shipped fully commented out; uncomment the whole
# server block to use it. service_name and nginx_ssl_ca_line are template
# placeholders, presumably filled in by Ansible when the role renders this file.
#
#server {
# # NOTE(review): "ssl on;" (below) was made obsolete in nginx 1.15.0 and later
# # removed; on current nginx use "listen 443 ssl;" and drop the "ssl on;" line.
# listen 443;
# server_name {{ service_name }};
# ssl on;
# ssl_certificate /etc/nginx/conf.d/ssl.pem;
# # Keep the private key readable only by the account that starts nginx
# # (e.g. mode 0600); conf.d is otherwise a directory of world-readable config.
# ssl_certificate_key /etc/nginx/conf.d/ssl.key;
# # Role-supplied line; which directive it expands to is not visible in this template.
# {{ nginx_ssl_ca_line }}
# ssl_session_timeout 5m;
# # https://mozilla.github.io/server-side-tls/ssl-config-generator/
# # modern configuration. tweak to your needs.
# # NOTE(review): this is an older generator profile. TLSv1.1 has since been
# # formally deprecated (RFC 8996), and the cipher list still admits DHE-DSS and
# # CBC-mode SHA-1 suites. Regenerate the protocol and cipher lines from the
# # current Mozilla generator before enabling this block.
# ssl_protocols TLSv1.1 TLSv1.2;
# ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
# # Server picks the cipher from its own preference order, not the client's.
# ssl_prefer_server_ciphers on;
#
# # HSTS (ngx_http_headers_module is required) (31536000 seconds = 365 days)
# # Browsers cache this policy for a year, so enable it only once every name
# # served by this block works over HTTPS with a valid certificate.
# # Without the "always" parameter nginx adds the header only to a fixed set of
# # 2xx/3xx responses, not to error pages.
# # A location that sets its own add_header stops inheriting this one and must
# # repeat it.
# # For hstspreload.org eligibility the value also needs the includeSubDomains
# # and preload directives; this line sets max-age only.
# add_header Strict-Transport-Security max-age=31536000;
# location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
# }
#}