Update nginx SSL settings, includes

Alexander Dietrich 2017-02-10 20:38:12 +01:00
parent eed7317b0c
commit 28efaaafdc
4 changed files with 17 additions and 5 deletions


@ -0,0 +1 @@
nginx_resolver: 127.0.0.1 [::1]
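Review bot: This default needs a comment stating that it assumes a caching DNS resolver listening on both loopback addresses. nginx queries the listed name servers round-robin, so on a host whose resolver binds only 127.0.0.1 part of the lookups made for OCSP stapling would time out. Proposed comment: `# Used by the nginx "resolver" directive; needs a local DNS cache on 127.0.0.1 and ::1, override per host otherwise`. Keeping the resolver on loopback is a sound default, because nginx does not authenticate DNS answers itself.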


@ -0,0 +1,4 @@
# Generischer Rewrite von HTTP nach HTTPS
location / {
return 302 https://$server_name$request_uri;
}
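Review bot: The redirect in `location /` answers with 302, which clients treat as temporary, so each visit can start again with a plain-HTTP request that is open to interception. `return 301 https://$server_name$request_uri;` is the usual form for a permanent HTTPS upgrade. Using `$server_name` rather than `$host` is a good choice, since the redirect target does not reflect the client-supplied Host header. The redirect alone does not protect the first request from being downgraded. An HSTS header on the HTTPS server blocks (`add_header Strict-Transport-Security "max-age=31536000" always;`) would cover that, and none is visible in this commit.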


@ -22,10 +22,10 @@
notify: restart nginx notify: restart nginx
tags: nginx tags: nginx
- name: copy nginx.conf - name: template nginx.conf
copy: template:
src: etc/nginx/nginx.conf src: templates/nginx.conf.j2
dest: /etc/nginx dest: /etc/nginx/nginx.conf
mode: 0644 mode: 0644
owner: root owner: root
group: root group: root
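Review bot: The new `template:` task writes the rendered file straight to /etc/nginx/nginx.conf with no syntax check. A bad value in a template variable (this commit introduces `nginx_resolver`) would only surface when the handler restarts nginx, and the restart would then fail. Adding `validate: nginx -t -c %s` makes Ansible test the rendered file before it replaces the live one. This presumably requires the include paths in the template to be absolute, because the check runs against a temporary copy. The task may continue past the end of the hunk (for example its `notify:`), which is not visible here.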


@ -30,8 +30,15 @@ http {
# SSL Settings # SSL Settings
## ##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_ciphers ECDH+aRSA+AESGCM:ECDH+aRSA+AES:+SHA1;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver {{ nginx_resolver }};
## ##
# Logging Settings # Logging Settings
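Review bot: `ssl_protocols` still lists TLSv1 and TLSv1.1, and the new `ssl_ciphers` string keeps CBC/SHA1 suites, since `+SHA1` only moves them to the end of the list. Both legacy protocols are formally deprecated (RFC 8996), so `ssl_protocols TLSv1.2;` (plus TLSv1.3 where the nginx/OpenSSL build supports it) is the safer default unless old clients must be served. `ssl_stapling_verify on;` needs the issuer chain, normally supplied with `ssl_trusted_certificate`, which is not set in this hunk. It may live in the per-site includes; if it is missing, verification can fail and no staple is served. Session tickets are left at their default. `ssl_session_tickets off;` next to the `ssl_session_cache` line would avoid a long-lived ticket key weakening forward secrecy. The `http {` block starts before and continues after this hunk.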