Update nginx SSL settings, includes
parent
eed7317b0c
commit
28efaaafdc
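--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@@ -0,0 +1 @@
+nginx_resolver: 127.0.0.1 [::1]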
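Review bot: The new default `nginx_resolver` has no comment saying what it is for or what it assumes about the host. It appears to feed the `resolver` directive added next to the OCSP stapling settings, and the loopback addresses only work if a DNS resolver actually listens there. A comment such as `# DNS resolver(s) used by nginx, e.g. for OCSP stapling; default assumes a local resolver on loopback` would make that requirement visible. Quoting the value as `nginx_resolver: '127.0.0.1 [::1]'` also keeps it an unambiguous string if someone later overrides it with a value that starts with `[`.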
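--- a/roles/nginx/files/etc/nginx/include/ssl_rewrite.conf
+++ b/roles/nginx/files/etc/nginx/include/ssl_rewrite.conf
@@ -0,0 +1,4 @@
+# Generischer Rewrite von HTTP nach HTTPS
+location / {
+return 302 https://$server_name$request_uri;
+}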
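Review bot: The redirect in `location /` answers with status 302, which clients treat as temporary, so every return visit begins with another plaintext request before the upgrade to HTTPS. For a blanket HTTP-to-HTTPS rewrite a permanent redirect is the usual choice: `return 301 https://$server_name$request_uri;`. Building the target from `$server_name` rather than the client-supplied Host header is worth keeping, but it always redirects to the first name of the enclosing server block, which matters if this include is used in a block with several names. The comment could also be in English to match the rest of the role, e.g. `# Generic redirect from HTTP to HTTPS`.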
|
@ -22,10 +22,10 @@
|
|||
notify: restart nginx
|
||||
tags: nginx
|
||||
|
||||
- name: copy nginx.conf
|
||||
copy:
|
||||
src: etc/nginx/nginx.conf
|
||||
dest: /etc/nginx
|
||||
- name: template nginx.conf
|
||||
template:
|
||||
src: templates/nginx.conf.j2
|
||||
dest: /etc/nginx/nginx.conf
|
||||
mode: 0644
|
||||
owner: root
|
||||
group: root
|
||||
|
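Review bot: The new `template nginx.conf` task writes the rendered file straight to `/etc/nginx/nginx.conf` with no syntax check, so a rendering mistake (for example an empty `nginx_resolver`) would only surface when nginx is next restarted or reloaded. Adding `validate: nginx -t -c %s` to the template arguments makes Ansible test the rendered file before replacing the live one; this works as long as the includes in the file use absolute paths. `mode: 0644` is also safer written as `mode: '0644'`, so the value does not depend on how the YAML parser reads a leading-zero integer. The task continues past the end of the hunk, so whether a `notify` follows cannot be seen here.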
|
|
@ -30,8 +30,15 @@ http {
|
|||
# SSL Settings
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
||||
ssl_ciphers ECDH+aRSA+AESGCM:ECDH+aRSA+AES:+SHA1;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
resolver {{ nginx_resolver }};
|
||||
|
||||
##
|
||||
# Logging Settings
|
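Review bot: The added `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line keeps TLS 1.0 and 1.1 enabled, both of which are deprecated (RFC 8996). Unless legacy clients must be served it should read `ssl_protocols TLSv1.2;`, with TLSv1.3 added where the installed nginx and OpenSSL support it. The removed line carried a comment explaining why SSLv3 is absent and the new one drops it; a short comment on the protocol and cipher choices would help the next editor. `ssl_stapling_verify on;` needs the issuer chain configured as trusted, and no `ssl_trusted_certificate` is visible in this hunk, so that presumably has to be set in each server block.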