author | Georg Pfuetzenreuter | 2023-02-05 10:05:20 +0100 |
---|---|---|
committer | Georg Pfuetzenreuter | 2023-02-05 10:05:20 +0100 |
commit | 98ea861c1391f652d339704f8be3096b814f0c16 (patch) | |
tree | 168b3a0b83d01b4c1d095b15cf329b8f4d15439b /pillar | |
parent | 4581bd4a6a800e6dae21ebdbbb89f496de83ccf9 (diff) | |
web-proxy: add common TLS configuration
Add TLS configuration snippet shared between all web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Diffstat (limited to 'pillar')
-rw-r--r-- | pillar/role/web-proxy.sls | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/pillar/role/web-proxy.sls b/pillar/role/web-proxy.sls index 5913fa6..1b7497c 100644 --- a/pillar/role/web-proxy.sls +++ b/pillar/role/web-proxy.sls @@ -5,6 +5,16 @@ nginx: robots: - location /robots.txt: - root: /srv/www/htdocs + tls: + - ssl_session_timeout: 1d + - ssl_session_cache: shared:Lysergic:10m + - ssl_session_tickets: 'off' + - ssl_protocols: TLSv1.3 + - ssl_prefer_server_ciphers: 'off' + - add_header: Strict-Transport-Security "max-age=63072000" always + - ssl_stapling: 'on' + - ssl_stapling_verify: 'on' + - ssl_trusted_certificate: /etc/ssl/ca-bundle.pem php-fastcgi: - 'location ~* \.php$': - fastcgi_index: index.php |
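Review bot: the `add_header: Strict-Transport-Security "max-age=63072000" always` entry in the new `tls` list will stop applying in any block that defines its own `add_header`, because nginx inherits `add_header` from the enclosing level only when the current level sets none. A comment in the pillar stating at which level this snippet is meant to be included, and that the header has to be repeated wherever another `add_header` is set, would prevent HSTS from silently disappearing on some locations. In the same list, `ssl_stapling: 'on'` together with `ssl_stapling_verify: 'on'` relies on a `resolver` to look up the OCSP responder hostname, and none is set in this snippet; either add one here or document where it is expected to come from. Limiting `ssl_protocols` to `TLSv1.3` alone is a compatibility decision that the commit message does not mention, so a one-line comment next to it would help the next reader.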