mdk
/
infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
infra/roles/nginx/defaults/main.yml

26 lines
822 B
YAML
Raw Blame History

---
ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
ssl_protocols: "TLSv1.2 TLSv1.3"
ssl_prefer_server_ciphers: "off"
ssl_session_cache: "shared:ssl_session_cache:10m"
HSTS_header: 'Strict-Transport-Security "max-age=63072000; always"'
nginx_conf: |
server
{
listen [::]:80; listen 80;
server_name {{ nginx_domain }};
return 301 https://$host$request_uri;
}
server
{
listen [::]:443 ssl http2; listen 443 ssl http2;
charset utf-8;
server_name {{ nginx_domain }};
include snippets/letsencrypt-{{ nginx_domain }}.conf;
root {{ nginx_path }};
index index.html;
}
Reference in New Issue View Git Blame Copy Permalink