2024-11-15 16:50:11 +01:00
|
|
|
# {{ ansible_managed }}
|
|
|
|
|
2024-07-12 15:00:55 +02:00
|
|
|
listen 443 ssl http2;
|
|
|
|
|
2024-07-12 21:06:00 +02:00
|
|
|
ssl_certificate /etc/letsencrypt/live/{{ nginx_certname }}/fullchain.pem;
|
|
|
|
ssl_certificate_key /etc/letsencrypt/live/{{ nginx_certname }}/privkey.pem;
|
2024-07-12 15:00:55 +02:00
|
|
|
|
|
|
|
# Allow TLS version 1.2 only, which is a recommended default these days
|
|
|
|
# by international information security standards.
|
|
|
|
ssl_protocols TLSv1.2;
|
|
|
|
|
|
|
|
ssl_session_cache shared:SSL:1m;
|
|
|
|
ssl_session_timeout 5m;
|
|
|
|
|
|
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
|
ssl_prefer_server_ciphers on;
|