diff options
| author | Patrick Spek <p.spek@tyil.nl> | 2022-04-17 10:45:53 +0200 |
|---|---|---|
| committer | Patrick Spek <p.spek@tyil.nl> | 2022-04-17 10:45:53 +0200 |
| commit | 342d8ef5e1d988877efbd1bc5d333640d7523570 (patch) | |
| tree | fcf98ce1bfc6833f6b1ab50284765562aaeee0e5 /playbooks.d/webserver/share/snippets.d/ssl.conf | |
Initial commit
Diffstat (limited to 'playbooks.d/webserver/share/snippets.d/ssl.conf')
| -rw-r--r-- | playbooks.d/webserver/share/snippets.d/ssl.conf | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/playbooks.d/webserver/share/snippets.d/ssl.conf b/playbooks.d/webserver/share/snippets.d/ssl.conf new file mode 100644 index 0000000..68bcdf0 --- /dev/null +++ b/playbooks.d/webserver/share/snippets.d/ssl.conf @@ -0,0 +1,16 @@ +# SSL settings +ssl_protocols TLSv1.3 TLSv1.2; + +ssl_buffer_size 4K; +ssl_dhparam /etc/nginx/dhparam.pem; +ssl_ecdh_curve secp521r1:secp384r1; +ssl_prefer_server_ciphers on; +ssl_session_cache shared:le_nginx_SSL:2m; +ssl_session_tickets off; +ssl_session_timeout 1440m; + +# Ciphers +ssl_ciphers 'EECDH+AESGCM:EECDH+AES256:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA'; + +# Additional headers +add_header Strict-Transport-Security "max-age=63072000" always; |