radityo/ansible-nginx
1
0
Fork 0
mirror of https://github.com/HanXHX/ansible-nginx.git synced 2026-02-26 09:12:09 +07:00
Code Issues Projects Releases Wiki Activity

Optionnal HSTS

Browse Source
This commit is contained in:
Emilien Mantel
2016-12-27 17:34:35 +01:00
parent f2cfae31b1
commit 85fd11a34c
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
templates/etc/nginx/helper/ssl-legacy.j2
View File

@@ -6,7 +6,9 @@ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GC
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"{% if nginx_version.stdout | version_compare('1.7.5', 'ge') %} always{% endif %};
if ($https == "on") {
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"{% if nginx_version.stdout | version_compare('1.7.5', 'ge') %} always{% endif %};
}
{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
ssl_stapling on;
ssl_stapling_verify on;

4
templates/etc/nginx/helper/ssl-strong.j2
View File

@@ -6,7 +6,9 @@ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"{% if nginx_version.stdout | version_compare('1.7.5', 'ge') %} always{% endif %};
if ($https == "on") {
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"{% if nginx_version.stdout | version_compare('1.7.5', 'ge') %} always{% endif %};
}
{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
ssl_stapling on;
ssl_stapling_verify on;