WIP: generiek nginx role
parent
ea3b17ef2d
commit
8df1cba71c
14 changed files with 278 additions and 15 deletions
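--- a/roles/nginx/templates/tls_params.j2
+++ b/roles/nginx/templates/tls_params.j2
@@ -0,0 +1,22 @@
+# {{ ansible_managed }}
+
+ssl_session_timeout {{ nginx_tls_session_timeout }};
+ssl_session_tickets off;
+
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:{{ nginx_tls_cache_size }};
+
+ssl_protocols {{ nginx_tls_version }};
+ssl_ciphers {{ nginx_tls_cipherlist }};
+ssl_ecdh_curve {{ nginx_tls_curve }};
+
+# HSTS (ngx_http_headers_module is required) (63072000 seconds)
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+add_header X-Frame-Options "sameorigin";
+add_header X-Content-Type-Options "nosniff";
+add_header X-Robots-Tag noindex;
+
+# OCSP stapling
+ssl_stapling {{ nginx_ssl_stapling }};
+ssl_stapling_verify {{ nginx_ssl_stapling_verify }};
+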
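Review bot: The Strict-Transport-Security line hard-codes `includeSubDomains; preload` with a two-year max-age in a role the title calls generic, so every host that includes this template commits its whole domain to HTTPS, including subdomains the role may not manage, and a preload listing is slow to undo. I would move the value behind a role variable with a conservative default, for example `add_header Strict-Transport-Security "{{ nginx_hsts_header }}" always;` (the variable name is a suggestion and does not exist on this page), and enable `preload` per site only. The three headers below it lack `always`, so nginx omits them on error responses; `add_header X-Content-Type-Options "nosniff" always;` and the same for X-Frame-Options would match the HSTS line. A comment at the top of the template should also say that nginx inherits these `add_header` lines only when the including server or location block defines no `add_header` of its own, since one local header silently drops all of them.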