authorPatrick Spek <p.spek@tyil.nl>2022-04-17 10:45:53 +0200
committerPatrick Spek <p.spek@tyil.nl>2022-04-17 10:45:53 +0200
commit342d8ef5e1d988877efbd1bc5d333640d7523570 (patch)
treefcf98ce1bfc6833f6b1ab50284765562aaeee0e5 /playbooks.d/webserver/share/snippets.d/ssl.conf
Initial commit
Diffstat (limited to 'playbooks.d/webserver/share/snippets.d/ssl.conf')
-rw-r--r--playbooks.d/webserver/share/snippets.d/ssl.conf16
1 files changed, 16 insertions, 0 deletions
diff --git a/playbooks.d/webserver/share/snippets.d/ssl.conf b/playbooks.d/webserver/share/snippets.d/ssl.conf
new file mode 100644
index 0000000..68bcdf0
--- /dev/null
+++ b/playbooks.d/webserver/share/snippets.d/ssl.conf
@@ -0,0 +1,16 @@
+# SSL settings
+ssl_protocols TLSv1.3 TLSv1.2;
+
+ssl_buffer_size 4K;
+ssl_dhparam /etc/nginx/dhparam.pem;
+ssl_ecdh_curve secp521r1:secp384r1;
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:le_nginx_SSL:2m;
+ssl_session_tickets off;
+ssl_session_timeout 1440m;
+
+# Ciphers
+ssl_ciphers 'EECDH+AESGCM:EECDH+AES256:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA';
+
+# Additional headers
+add_header Strict-Transport-Security "max-age=63072000" always;
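Review bot: The exclusions on the `ssl_ciphers` line name only the ECDHE-RSA CBC suites, so `EECDH+AES256` still admits `ECDHE-ECDSA-AES256-SHA384` and `ECDHE-ECDSA-AES256-SHA` whenever a vhost including this snippet uses an ECDSA certificate. If the intent is AEAD-only for TLSv1.2, dropping the second term expresses that regardless of key type: `ssl_ciphers 'EECDH+AESGCM';`. Since no DHE suite is selected, `ssl_dhparam /etc/nginx/dhparam.pem;` does not appear to affect any handshake, yet nginx will refuse to start if that file is missing, so it could be removed or given a comment saying why it is kept. The `add_header Strict-Transport-Security` line is inherited only by blocks that declare no `add_header` of their own, which deserves a comment such as `# re-include this snippet in any location that sets its own add_header`.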