summaryrefslogtreecommitdiff
path: root/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks.d/webserver-nginx/share/snippets.d/ssl.conf')
-rw-r--r--playbooks.d/webserver-nginx/share/snippets.d/ssl.conf16
1 files changed, 16 insertions, 0 deletions
diff --git a/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf b/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf
new file mode 100644
index 0000000..68bcdf0
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/snippets.d/ssl.conf
@@ -0,0 +1,16 @@
+# SSL settings
+ssl_protocols TLSv1.3 TLSv1.2;
+
+ssl_buffer_size 4K;
+ssl_dhparam /etc/nginx/dhparam.pem;
+ssl_ecdh_curve secp521r1:secp384r1;
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:le_nginx_SSL:2m;
+ssl_session_tickets off;
+ssl_session_timeout 1440m;
+
+# Ciphers
+ssl_ciphers 'EECDH+AESGCM:EECDH+AES256:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA';
+
+# Additional headers
+add_header Strict-Transport-Security "max-age=63072000" always;
generated by cgit v1.1 at 2024-05-11 14:49:05 +0000