Page MenuHomeDevCentral
Files F11724985

tls-modern-only
No OneTemporary
Actions

tls-modern-only
View Options

# -------------------------------------------------------------
# nginx :: configuration :: TLS
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Description: Modern services with only TLS 1.3 support
# Strategy: nginx 1.17.7, modern config, OpenSSL 1.1.1k
# See also: https://ssl-config.mozilla.org/
# License: Trivial work, not eligible for copyright.
# Source file: roles/webserver-core/nginx/files/includes/tls-modern-only
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
{% if salt["pkg.version_cmp"](nginx_version, "1.25.1") >= 0 -%}
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
{%- else -%}
listen 443 ssl http2;
listen [::]:443 ssl http2;
{%- endif %}
keepalive_timeout 70;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
# -------------------------------------------------------------
# HSTS - HTTP Strict Transport Security
#
# As we provide a Let's Encrypt certificate for all our services,
# browser should be instructed to connect directly to HTTPS.
#
# This is low risk, as the browser only honour this request
# as soon as it successfully connected to HTTPS without any
# certificate issue.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
add_header Strict-Transport-Security "max-age=63072000" always;

File Metadata

Mime Type
text/plain
Expires
Thu, Sep 18, 18:57 (4 h, 25 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2991299
Default Alt Text
tls-modern-only (1 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator