Skip to content

Commit d5029c7

Browse files
geerlingguygeerlingguy
committed
Issue geerlingguy#83: Vastly simplify the initial Nginx https server config.
1 parent 7330cc5 commit d5029c7

File tree

1 file changed

+0
-17
lines changed

1 file changed

+0
-17
lines changed

https-self-signed/provisioning/templates/https.test.conf.j2

Lines changed: 0 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -12,25 +12,8 @@ server {
1212
server {
1313
listen 443 ssl default_server;
1414
server_name {{ server_hostname }};
15-
index index.html;
1615
root {{ nginx_docroot }};
1716

1817
ssl_certificate {{ certificate_dir }}/{{ server_hostname }}/fullchain.pem;
1918
ssl_certificate_key {{ certificate_dir }}/{{ server_hostname }}/privkey.pem;
20-
ssl_trusted_certificate {{ certificate_dir }}/{{ server_hostname }}/fullchain.pem;
21-
ssl_session_timeout 1d;
22-
ssl_session_cache shared:SSL:50m;
23-
ssl_session_tickets off;
24-
25-
ssl_protocols TLSv1.2;
26-
ssl_ciphers EECDH+AESGCM:EECDH+AES;
27-
ssl_ecdh_curve secp384r1;
28-
ssl_prefer_server_ciphers on;
29-
30-
ssl_stapling on;
31-
ssl_stapling_verify on;
32-
33-
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
34-
add_header X-Frame-Options DENY;
35-
add_header X-Content-Type-Options nosniff;
3619
}

0 commit comments

Comments
 (0)