setup default nginx ssl/security configuration for vagrant

Jan Dittberner 2015-10-04 19:32:42 +02:00
parent 18ae1e15f4
commit 3c6b779c44
6 changed files with 103 additions and 7 deletions


@ -0,0 +1,15 @@
# Default TLS settings
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers kEECDH+AESGCM:kEECDH+AES:kEECDH:EDH+AESGCM:kEDH+AES:kEDH:AESGCM:ALL:!LOW:!EXP:!MD5:!aNULL:!eNULL:!RC4:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_dhparam {{ salt['pillar.get']('nginx:sslcertdir') }}/dhparams.pem;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# use Google's DNS
resolver 8.8.8.8;
resolver_timeout 5s;
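Review bot: The `ssl_ciphers` list ends in `AESGCM:ALL`, so after the preferred ECDHE/DHE entries it admits every suite the local OpenSSL build offers that the exclusions do not name, which on older OpenSSL releases includes 3DES; ending the list at `AESGCM` and adding `!3DES` to the exclusions keeps the set closed. `ssl_protocols` also enables TLSv1 and TLSv1.1, which have since been deprecated (RFC 8996), so `ssl_protocols TLSv1.2;` is the safer default unless a known legacy client needs the older versions. The hard-coded `resolver 8.8.8.8;` sends the OCSP responder lookups used for stapling to an external resolver over unauthenticated DNS; the nginx documentation recommends a resolver on a trusted local network to prevent spoofing, and the address could come from pillar as the dhparams path does. `ssl_stapling_verify on;` depends on a trusted issuer chain (`ssl_trusted_certificate`) that is not set in these lines, so it is presumably configured elsewhere and worth confirming. The hunk header announces 15 lines and 12 are shown, so part of the file may lie outside this view.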