ansible/roles/nginx/templates/tls_params.j2

22 lines
857 B
Django/Jinja

# {{ ansible_managed }}
ssl_session_timeout {{ nginx_tls_session_timeout }};
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:{{ nginx_tls_cache_size }};
ssl_protocols {{ nginx_tls_version }};
ssl_ciphers {{ nginx_tls_cipherlist }};
ssl_ecdh_curve {{ nginx_tls_curve }};
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Frame-Options "sameorigin";
add_header X-Content-Type-Options "nosniff";
add_header X-Robots-Tag noindex;
# OCSP stapling
ssl_stapling {{ nginx_ssl_stapling }};
ssl_stapling_verify {{ nginx_ssl_stapling_verify }};