moved ssl configuration
This commit is contained in:
parent
683d847405
commit
6704842cb7
2 changed files with 12 additions and 13 deletions
12
conf.d/ssl.conf
Normal file
12
conf.d/ssl.conf
Normal file
|
@ -0,0 +1,12 @@
|
|||
ssl_prefer_server_ciphers on;
|
||||
# not possible to do exclusive
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
|
||||
|
||||
ssl_dhparam /etc/ssl/private/dhparams.pem;
|
||||
|
||||
# add HSTS Header
|
||||
add_header Strict-Transport-Security max-age=15768000; # six months
|
||||
# Use a SSL/TLS cache for SSL session resume.
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
13
nginx.conf
13
nginx.conf
|
@ -21,19 +21,6 @@ http {
|
|||
}
|
||||
proxy_cache_path /var/lib/nginx/cache keys_zone=statusATro01:10m;
|
||||
|
||||
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
|
||||
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES2\
|
||||
56:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-\
|
||||
SHA:CAMELLIA128-SHA:AES128-SHA';
|
||||
ssl_dhparam /etc/ssl/private/dhparams.pem;
|
||||
|
||||
add_header Strict-Transport-Security max-age=15768000; # six months
|
||||
## Use a SSL/TLS cache for SSL session resume.
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
||||
|
||||
# setzt die Variable php_https abhängig davon ob es sich um eine https Verbindung handelt, ist für die Weitergabe an php
|
||||
map $scheme $php_https { default off; https on; }
|
||||
|
||||
|
|
Reference in a new issue