Update nginx SSL settings, includes
parent
eed7317b0c
commit
28efaaafdc
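--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -0,0 +1 @@
+nginx_resolver: 127.0.0.1 [::1]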
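Review bot: `nginx_resolver` is added without a comment saying what it feeds or what it assumes about the host. It is interpolated into the `resolver` directive of the nginx.conf template in this commit, next to `ssl_stapling on;`, so presumably nginx uses it to look up OCSP responders. The default only works on hosts that run a DNS resolver on loopback, and on other hosts stapling would presumably fail with nothing more than a log entry. I would add `# DNS resolver for nginx (used for OCSP stapling lookups); requires a resolver listening on 127.0.0.1 / [::1]` above the variable.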
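--- a/roles/nginx/files/etc/nginx/include/ssl_rewrite.conf
+++ b/roles/nginx/files/etc/nginx/include/ssl_rewrite.conf
@@ -0,0 +1,4 @@
+# Generischer Rewrite von HTTP nach HTTPS
+location / {
+return 302 https://$server_name$request_uri;
+}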
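Review bot: The `return 302` inside `location /` is a temporary redirect, so clients do not remember it and every visit begins with a plaintext request that can be tampered with before the redirect is seen. For a generic HTTP-to-HTTPS include I would use `return 301 https://$server_name$request_uri;` and check that the HTTPS server blocks send a `Strict-Transport-Security` header, which this commit does not show. Building the target from `$server_name` rather than `$host` keeps the client-supplied Host header out of the `Location` value. That deserves a one-line comment so it is not swapped later, and the comment should note that a vhost with several names will always redirect to its first one.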
@ -22,10 +22,10 @@
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
tags: nginx
|
tags: nginx
|
||||||
|
|
||||||
- name: copy nginx.conf
|
- name: template nginx.conf
|
||||||
copy:
|
template:
|
||||||
src: etc/nginx/nginx.conf
|
src: templates/nginx.conf.j2
|
||||||
dest: /etc/nginx
|
dest: /etc/nginx/nginx.conf
|
||||||
mode: 0644
|
mode: 0644
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
|
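Review bot: The new `template:` task renders nginx.conf from inventory variables but has no `validate:` step, so a bad value (for example a malformed `nginx_resolver`) is written straight to `/etc/nginx/nginx.conf`. If this task notifies `restart nginx` like the task above it, the restart would then fail and take the server down; the task appears to continue past the end of the hunk, so this is inferred. Adding `validate: nginx -t -c %s` makes Ansible test the rendered file before it replaces the live one. Quoting the mode as `mode: "0644"` would also avoid relying on YAML's octal parsing.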
@ -30,8 +30,15 @@ http {
|
||||||
# SSL Settings
|
# SSL Settings
|
||||||
##
|
##
|
||||||
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
ssl_ciphers ECDH+aRSA+AESGCM:ECDH+aRSA+AES:+SHA1;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
ssl_session_timeout 10m;
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
|
||||||
|
resolver {{ nginx_resolver }};
|
||||||
|
|
||||||
##
|
##
|
||||||
# Logging Settings
|
# Logging Settings
|
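Review bot: The rewritten `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line still enables TLS 1.0 and 1.1, which are deprecated (RFC 8996); unless legacy clients must be served, `ssl_protocols TLSv1.2;` is the safer baseline, plus `TLSv1.3` if the installed nginx/OpenSSL supports it. `ssl_stapling_verify on;` only works when the issuer chain is configured with `ssl_trusted_certificate`, which this hunk does not show; without it verification fails and no staple is sent, so it should be set here or in each vhost. The `ssl_ciphers` string selects only `aRSA` suites, so a vhost with an ECDSA certificate would have no usable cipher, which deserves a comment. The `http` block starts and ends outside the hunk, so some of this may already be handled elsewhere.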