systems/infrastructure
1
Fork 0
Code Issues 1 Pull requests 16 Activity Actions

Add HSTS to all nginx requests

Browse source
This commit is contained in:
Jake Howard 2024-03-03 21:37:07 +00:00
parent 0dcc3f7c30
commit 000f3d3348
Signed by: jake
GPG key ID: 57AFB45680EDD477
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ansible/roles/nginx/files/includes/ssl.conf
View file

@ -8,8 +8,7 @@ ssl_dhparam dhparams.pem;
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds) more_set_headers "Strict-Transport-Security: max-age=2592000";
#add_header Strict-Transport-Security "max-age=63072000" always;
# OCSP stapling # OCSP stapling
ssl_stapling on; ssl_stapling on;