Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F11724088
tls
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
1 KB
Referenced Files
None
Subscribers
None
tls
View Options
# -------------------------------------------------------------
# nginx :: configuration :: TLS
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Description: Compatible TLS configuration for most clients
# Strategy: nginx 1.22.1, intermediate config, OpenSSL 1.1.1o
# See also: https://ssl-config.mozilla.org/
# License: Trivial work, not eligible for copyright.
# Source file: roles/webserver-core/nginx/files/includes/tls
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
{% if salt["pkg.version_cmp"](nginx_version, "1.25.1") >= 0 -%}
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
{%- else -%}
listen 443 ssl http2;
listen [::]:443 ssl http2;
{%- endif %}
keepalive_timeout 70;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_dhparam {{ nginx_dir }}/dhparams.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
# -------------------------------------------------------------
# HSTS - HTTP Strict Transport Security
#
# As we provide a Let's Encrypt certificate for all our services,
# browser should be instructed to connect directly to HTTPS.
#
# This is low risk, as the browser only honour this request
# as soon as it successfully connected to HTTPS without any
# certificate issue.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
add_header Strict-Transport-Security "max-age=63072000" always;
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Thu, Sep 18, 12:54 (10 h, 21 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2980808
Default Alt Text
tls (1 KB)
Attached To
Mode
rOPS Nasqueron Operations
Attached
Detach File
Event Timeline
Log In to Comment