infrastructure/nginx/conf.d/sub/options-ssl-nginx.conf

# generated 2022-11-23, Mozilla Guideline v5.6, nginx 1.23, OpenSSL 1.1.1k, modern configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.23&config=modern&openssl=1.1.1k&guideline=5.6

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;

add_header Strict-Transport-Security "max-age=63072000" always;

# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
Add files Signed-off-by: Bensuperpc <bensuperpc@gmail.com> 2022-11-24 13:32:59 +01:00			`# generated 2022-11-23, Mozilla Guideline v5.6, nginx 1.23, OpenSSL 1.1.1k, modern configuration`
			`# https://ssl-config.mozilla.org/#server=nginx&version=1.23&config=modern&openssl=1.1.1k&guideline=5.6`

			`ssl_session_cache shared:le_nginx_SSL:10m;`
			`ssl_session_timeout 1440m;`
			`ssl_session_tickets off;`

			`ssl_protocols TLSv1.3;`
			`ssl_prefer_server_ciphers off;`

Update infra Signed-off-by: Bensuperpc <bensuperpc@gmail.com> 2023-04-16 23:43:40 +02:00			`add_header Strict-Transport-Security "max-age=63072000" always;`

Add files Signed-off-by: Bensuperpc <bensuperpc@gmail.com> 2022-11-24 13:32:59 +01:00			`# OCSP stapling`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`