radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

SSL strapling on Nginx >= 1.3.7

pull/14/head
Emilien Mantel 2016-01-15 12:13:15 +01:00
parent 11c98ab145
commit 287d154532
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
templates/etc/nginx/helper/ssl-legacy.j2
View File

@ -9,8 +9,10 @@ ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header X-Frame-Options DENY; add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
{% endif %}
resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }}; resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
resolver_timeout {{ nginx_resolver_timeout }}; resolver_timeout {{ nginx_resolver_timeout }};
ssl_dhparam {{ nginx_dh_path }}; ssl_dhparam {{ nginx_dh_path }};

2
templates/etc/nginx/helper/ssl-strong.j2
View File

@ -9,8 +9,10 @@ ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header X-Frame-Options DENY; add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
{% endif %}
resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }}; resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
resolver_timeout {{ nginx_resolver_timeout }}; resolver_timeout {{ nginx_resolver_timeout }};
ssl_dhparam {{ nginx_dh_path }}; ssl_dhparam {{ nginx_dh_path }};