moved ssl configuration

conf.d/ssl.conf

@@ -0,0 +1,12 @@
+ssl_prefer_server_ciphers on;
+# not possible to do exclusive
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
+
+ssl_dhparam /etc/ssl/private/dhparams.pem;
+
+# add HSTS Header
+add_header Strict-Transport-Security max-age=15768000; # six months
+# Use a SSL/TLS cache for SSL session resume.
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;

nginx.conf

@@ -21,19 +21,6 @@ http {
     }
     proxy_cache_path /var/lib/nginx/cache keys_zone=statusATro01:10m;
 
-
-    ssl_prefer_server_ciphers on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
-    ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES2\
-56:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-\
-SHA:CAMELLIA128-SHA:AES128-SHA';
-    ssl_dhparam /etc/ssl/private/dhparams.pem;
-
-        add_header Strict-Transport-Security max-age=15768000; # six months
-        ## Use a SSL/TLS cache for SSL session resume.
-        ssl_session_cache shared:SSL:10m;
-        ssl_session_timeout 10m;
-
     # setzt die Variable php_https abhängig davon ob es sich um eine https Verbindung handelt, ist für die Weitergabe an php
     map $scheme $php_https { default off; https on; }