Update nginx SSL settings, includes

roles/nginx/defaults/main.yml

@@ -0,0 +1 @@
+nginx_resolver: 127.0.0.1 [::1]

roles/nginx/files/etc/nginx/include/ssl_rewrite.conf

@@ -0,0 +1,4 @@
+# Generischer Rewrite von HTTP nach HTTPS
+location / {
+    return 302 https://$server_name$request_uri;
+}

roles/nginx/tasks/main.yml

@@ -22,10 +22,10 @@
   notify: restart nginx
   tags: nginx
 
-- name: copy nginx.conf
+- name: template nginx.conf
-  copy:
+  template:
-    src: etc/nginx/nginx.conf
+    src: templates/nginx.conf.j2
-    dest: /etc/nginx
+    dest: /etc/nginx/nginx.conf
     mode: 0644
     owner: root
     group: root

roles/nginx/templates/nginx.conf.j2

@@ -30,8 +30,15 @@ http {
         # SSL Settings
         ##
 
-        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+        ssl_ciphers ECDH+aRSA+AESGCM:ECDH+aRSA+AES:+SHA1;
         ssl_prefer_server_ciphers on;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_timeout 10m;
+        ssl_stapling on;
+        ssl_stapling_verify on;
+
+        resolver {{ nginx_resolver }};
 
         ##
         # Logging Settings