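# {{ ansible_managed }}

# Shared TLS and response-header settings, rendered by Ansible. Protocol,
# cipher, curve, cache and stapling values come from role variables that are
# not defined in this template.

# Session resumption: tickets are off, so resumption relies only on the
# server-side shared cache below. nginx does not rotate session ticket keys by
# itself, and a long-lived ticket key weakens forward secrecy.
ssl_session_timeout {{ nginx_tls_session_timeout }};
ssl_session_tickets off;

ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:{{ nginx_tls_cache_size }};

# NOTE(review): the effective protocol and cipher policy is whatever the role
# variables hold. Confirm the defaults exclude TLSv1/TLSv1.1 and suites
# without forward secrecy.
ssl_protocols {{ nginx_tls_version }};
ssl_ciphers {{ nginx_tls_cipherlist }};
ssl_ecdh_curve {{ nginx_tls_curve }};

# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
# includeSubDomains and preload are sent for every site that includes this
# file. Preload-list inclusion is slow to reverse, so every subdomain of those
# sites must be reachable over HTTPS only.
#
# add_header is inherited only by blocks that declare no add_header of their
# own: a server or location block that adds any header drops all of the
# headers below and has to repeat them.
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# "always" added so the framing and MIME-sniffing protections are also sent on
# error responses (4xx/5xx), matching the HSTS header above.
add_header X-Frame-Options "sameorigin" always;
add_header X-Content-Type-Options "nosniff" always;
# Indexing policy, not a security control; left without "always" as before.
add_header X-Robots-Tag noindex;

# OCSP stapling
# ssl_stapling needs a resolver to look up the OCSP responder, and
# ssl_stapling_verify needs ssl_trusted_certificate with the issuer chain.
# NOTE(review): neither directive is set in this file. Confirm both are
# configured wherever this snippet is included, otherwise stapling is skipped.
ssl_stapling {{ nginx_ssl_stapling }};
ssl_stapling_verify {{ nginx_ssl_stapling_verify }};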