authorGuilhem Moulin <guilhem@fripost.org>2015-12-15 02:15:50 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-12-15 02:15:55 +0100
commitb483d2050147115dce151d669c537bcb1776164e (patch)
tree33261df9053cef2830b8ceb09b202b9bf3d30919 /roles/common-web/files/etc/nginx/conf.d/ssl
parentea7372eb8a2fa66b08ec37b030a098998e0aa47d (diff)
nginx: s/conf.d/include.d/
Diffstat (limited to 'roles/common-web/files/etc/nginx/conf.d/ssl')
-rw-r--r--roles/common-web/files/etc/nginx/conf.d/ssl20
1 files changed, 0 insertions, 20 deletions
diff --git a/roles/common-web/files/etc/nginx/conf.d/ssl b/roles/common-web/files/etc/nginx/conf.d/ssl
deleted file mode 100644
index 26a64f4..0000000
--- a/roles/common-web/files/etc/nginx/conf.d/ssl
+++ /dev/null
@@ -1,20 +0,0 @@
-ssl on;
-
-# See http://nginx.org/en/docs/http/configuring_https_servers.html#optimization
-keepalive_timeout 75 75;
-ssl_session_timeout 5m;
-ssl_session_cache shared:SSL:5m;
-
-# XXX: Ideally we want to get rid of TLSv1, to be immune to the BEAST
-# attack. Sadly as of 2013 many clients don't support TLSv1.2, though.
-# The alternative would be to reject BEAST-vulnerable ciphers from TLSv1
-# in favor of RC4, but that's not satisfactory either since RC4 has
-# other weaknesses.
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-ssl_ciphers HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH;
-ssl_dhparam /etc/ssl/private/dhparams.pem;
-ssl_prefer_server_ciphers on;
-
-# Strict Transport Security header for enhanced security. See
-# http://www.chromium.org/sts.
-add_header Strict-Transport-Security "max-age=15552000";