Sha256: d96037ed5c1a982c534b1cffa0efdc8a0e9a36fe8d2957e8329a33dc06df845a

Contents?: true

Size: 1.47 KB

Versions: 28

Compression:

Stored size: 1.47 KB

Contents

<% if fetch(:nginx_use_diffie_hellman, false) %>
  <%# 
      ## check this sites:
      # https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
      # https://cipherli.st/
      # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html 
      # https://wiki.mozilla.org/Security/Server_Side_TLS
  #%>
  ## Diffie Hellman
  ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers                 '<%= fetch(:nginx_ssl_ciphers) %>';
  ssl_prefer_server_ciphers   on;
  ssl_ecdh_curve              secp384r1;
  ssl_session_cache           shared:SSL:10m;
  ssl_session_tickets         off;
  ssl_stapling                on;
  ssl_stapling_verify         on;
  resolver                    8.8.8.8 8.8.4.4 valid=300s;
  resolver_timeout            5s;
  <%#
      ## Disable preloading HSTS for now.  You can use the commented out header line that includes
      ## the "preload" directive if you understand the implications.
      
      # => add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  
      ## don't add when rails config.force_ssl = true !!!
  #%>
  <% if fetch(:nginx_strict_security) %>
  add_header                  Strict-Transport-Security "max-age=63072000; includeSubdomains";
  <% end %>
  add_header                  X-Frame-Options DENY;
  add_header                  X-Content-Type-Options nosniff;
  ssl_dhparam                 <%= fetch(:nginx_diffie_hellman_param) %>;
  
<% end %>

Version data entries

28 entries across 28 versions & 1 rubygems

Version Path
magic_recipes_two-0.0.95 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.94 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.93 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.91 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.90 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.89 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.88 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.87 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.86 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.85 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.84 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.83 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.82 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.81 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.80 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.79 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.78 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.77 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.76 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb
magic_recipes_two-0.0.75 lib/generators/capistrano/magic_recipes/templates/nginx/diffie_hellman.erb