# # {{ ansible_managed }} # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; if ($https = "on") { add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"{% if nginx_version.stdout | version_compare('1.7.5', 'ge') %} always{% endif %}; } {% if nginx_version.stdout | version_compare('1.3.7', 'ge') %} ssl_stapling on; ssl_stapling_verify on; {% endif %} resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }}; resolver_timeout {{ nginx_resolver_timeout }}; ssl_dhparam {{ nginx_dh_path }}; # vim:filetype=nginx