Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F3763653
D967.id2473.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
3 KB
Referenced Files
None
Subscribers
None
D967.id2473.diff
View Options
diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/ssl_params b/roles/shellserver/web-hosting/files/eglide/nginx/ssl_params
new file mode 100644
--- /dev/null
+++ b/roles/shellserver/web-hosting/files/eglide/nginx/ssl_params
@@ -0,0 +1,15 @@
+ #Enable https
+ listen 443 ssl http2;
+ listen [2001:470:1f13:896:0:c0de:15:11fe]:443 ssl http2;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:50m;
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.2;
+ ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ ssl_prefer_server_ciphers on;
+
+ add_header Strict-Transport-Security max-age=15768000;
+ ssl_stapling on;
+ ssl_stapling_verify on;
diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf
--- a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf
+++ b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/001-eglide.org.conf
@@ -35,11 +35,10 @@
include includes/letsencrypt.conf;
- # Once the first certificate has been generated, we'll enabl this snippet:
- #
- # SSL - include ssl_params;
- # SSL - ssl_certificate /usr/local/etc/letsencrypt/live/eglide.org/fullchain.pem;
- # SSL - ssl_certificate_key /usr/local/etc/letsencrypt/live/eglide.org/privkey.pem;
+ include ssl_params;
+ ssl_certificate /etc/letsencrypt/live/www.eglide.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/www.eglide.org/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/www.eglide.org/chain.pem;
###
### Main site
diff --git a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf
--- a/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf
+++ b/roles/shellserver/web-hosting/files/eglide/nginx/vhosts/robot.paysannerebelle.com.conf
@@ -35,10 +35,8 @@
include includes/letsencrypt.conf;
- # Once the first certificate has been generated, we'll enabl this snippet:
- #
- # SSL - include ssl_params;
- # SSL - ssl_certificate /usr/local/etc/letsencrypt/live/robot.paysannerebelle.com/fullchain.pem;
- # SSL - ssl_certificate_key /usr/local/etc/letsencrypt/live/robot.paysannerebelle.com/privkey.pem;
-
+ include ssl_params;
+ ssl_certificate /etc/letsencrypt/live/robot.paysannerebelle.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/robot.paysannerebelle.com/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/robot.paysannerebelle.com/chain.pem;
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Nov 23, 01:22 (12 h, 6 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2256462
Default Alt Text
D967.id2473.diff (3 KB)
Attached To
Mode
D967: Enable TLS on Eglide sites
Attached
Detach File
Event Timeline
Log In to Comment