nginx: Reworked global ssl and https configuration
parent
c2bd392675
commit
01fafa5ca1
@ -0,0 +1,3 @@
|
|||||||
|
include {{ nginx_snippets_directory }}/ssl.conf;
|
||||||
|
add_header Strict-Transport-Security 'max-age=15768000; includeSubDomains; preload;'; # default max age: 2592000 = 30 * 24 * 60 * 60s
|
||||||
|
add_header 'Referrer-Policy' 'same-origin';
|
@ -0,0 +1,5 @@
|
|||||||
|
ssl_protocols TLSv1.2;
|
||||||
|
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
ssl_session_timeout 10m;
|
Loading…
Reference in New Issue