Sha256: d96037ed5c1a982c534b1cffa0efdc8a0e9a36fe8d2957e8329a33dc06df845a
Contents?: true
Size: 1.47 KB
Versions: 28
Compression:
Stored size: 1.47 KB
Contents
<% if fetch(:nginx_use_diffie_hellman, false) %>
<%#
## check this sites:
# https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
# https://cipherli.st/
# https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
# https://wiki.mozilla.org/Security/Server_Side_TLS
#%>
## Diffie Hellman
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers '<%= fetch(:nginx_ssl_ciphers) %>';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
<%#
## Disable preloading HSTS for now. You can use the commented out header line that includes
## the "preload" directive if you understand the implications.
# => add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
## don't add when rails config.force_ssl = true !!!
#%>
<% if fetch(:nginx_strict_security) %>
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
<% end %>
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam <%= fetch(:nginx_diffie_hellman_param) %>;
<% end %>
Version data entries
28 entries across 28 versions & 1 rubygems