diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2015-12-20 13:59:39 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-12-20 13:59:39 +0100 |
commit | 01e59771866559cc13a58800282617d04cb286a6 (patch) | |
tree | a1772ca3ce7bde38d1c96a4855db504b6ab8ec96 /roles/common-web/files/etc/nginx/include.d/ssl | |
parent | 74943c88f1a0de34ca593dafe5b0785c7ee7a95e (diff) |
nginx: Move include.d/* to snippets/.
Diffstat (limited to 'roles/common-web/files/etc/nginx/include.d/ssl')
-rw-r--r-- | roles/common-web/files/etc/nginx/include.d/ssl | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/roles/common-web/files/etc/nginx/include.d/ssl b/roles/common-web/files/etc/nginx/include.d/ssl deleted file mode 100644 index 26a64f4..0000000 --- a/roles/common-web/files/etc/nginx/include.d/ssl +++ /dev/null @@ -1,20 +0,0 @@ -ssl on; - -# See http://nginx.org/en/docs/http/configuring_https_servers.html#optimization -keepalive_timeout 75 75; -ssl_session_timeout 5m; -ssl_session_cache shared:SSL:5m; - -# XXX: Ideally we want to get rid of TLSv1, to be immune to the BEAST -# attack. Sadly as of 2013 many clients don't support TLSv1.2, though. -# The alternative would be to reject BEAST-vulnerable ciphers from TLSv1 -# in favor of RC4, but that's not satisfactory either since RC4 has -# other weaknesses. -ssl_protocols TLSv1 TLSv1.1 TLSv1.2; -ssl_ciphers HIGH:!SSLv2:!aNULL:!eNULL:!3DES:!MD5:@STRENGTH; -ssl_dhparam /etc/ssl/private/dhparams.pem; -ssl_prefer_server_ciphers on; - -# Strict Transport Security header for enhanced security. See -# http://www.chromium.org/sts. -add_header Strict-Transport-Security "max-age=15552000"; |