tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

abusesa: Use Mozilla's modern ciphersuites in services nginx config

Browse source
This commit is contained in:
Ossi Salmi 2016-03-10 14:02:55 +02:00
parent 9fd5bf33b6
commit 3803888be6
2 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
abusesa/templates/services/nginx.conf.erb
View file

@ -13,6 +13,12 @@ server {
ssl_certificate_key <%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem;
ssl_client_certificate <%= @puppet_ssldir %>/certs/ca.pem;
ssl_protocols TLSv1.2;
ssl_ciphers <%= scope.lookupvar('ssl::ciphersuites::mozilla_modern_ciphersuites') %>;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
proxy_buffering off;
<% if @allow_dn -%>