web-proxy: add common TLS configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add TLS configuration snippet shared between all web-proxies. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
parent
4581bd4a6a
commit
98ea861c13
GPG Key ID:
1ED2F138E7E6FF57
@ -5,6 +5,16 @@ nginx:
|
|||||||
robots:
|
robots:
|
||||||
- location /robots.txt:
|
- location /robots.txt:
|
||||||
- root: /srv/www/htdocs
|
- root: /srv/www/htdocs
|
||||||
|
tls:
|
||||||
|
- ssl_session_timeout: 1d
|
||||||
|
- ssl_session_cache: shared:Lysergic:10m
|
||||||
|
- ssl_session_tickets: 'off'
|
||||||
|
- ssl_protocols: TLSv1.3
|
||||||
|
- ssl_prefer_server_ciphers: 'off'
|
||||||
|
- add_header: Strict-Transport-Security "max-age=63072000" always
|
||||||
|
- ssl_stapling: 'on'
|
||||||
|
- ssl_stapling_verify: 'on'
|
||||||
|
- ssl_trusted_certificate: /etc/ssl/ca-bundle.pem
|
||||||
php-fastcgi:
|
php-fastcgi:
|
||||||
- 'location ~* \.php$':
|
- 'location ~* \.php$':
|
||||||
- fastcgi_index: index.php
|
- fastcgi_index: index.php
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user