# {{ ansible_managed }} listen 443 ssl http2; ssl_certificate /etc/letsencrypt/live/{{ nginx_certname }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ nginx_certname }}/privkey.pem; # Allow TLS version 1.2 only, which is a recommended default these days # by international information security standards. ssl_protocols TLSv1.2; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on;