diff options
author | Christian Franke <nobody@nowhere.ws> | 2015-08-28 15:38:36 +0200 |
---|---|---|
committer | Christian Franke <nobody@nowhere.ws> | 2015-08-28 15:38:36 +0200 |
commit | 1eb35a1e69d9a9f3f43340b9ea46d95bb2c1a0e8 (patch) | |
tree | c2f50624ccf38999896e66c9f270a96ee4cbb5cb /roles/cgit/templates/ssl.conf.j2 | |
parent | 6474bb9964d8a57b050e597a451fa40a3e5148f0 (diff) |
Add cgit role - git webfrontend
Diffstat (limited to 'roles/cgit/templates/ssl.conf.j2')
-rw-r--r-- | roles/cgit/templates/ssl.conf.j2 | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/roles/cgit/templates/ssl.conf.j2 b/roles/cgit/templates/ssl.conf.j2 new file mode 100644 index 0000000..c6b8fe3 --- /dev/null +++ b/roles/cgit/templates/ssl.conf.j2 @@ -0,0 +1,20 @@ +SSLEngine On + +SSLCertificateChainFile /etc/apache2/sites/{{ git_server_name }}/ssl/chain.pem +SSLCertificateFile /etc/apache2/sites/{{ git_server_name }}/ssl/cert.pem +SSLCertificateKeyFile /etc/apache2/sites/{{ git_server_name }}/ssl/key.pem + +SSLEngine On +SSLHonorCipherOrder on +SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv3 -SSLv2 +SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK +SSLCompression off + +#Header always set Strict-Transport-Security "max-age=15984000" + +SSLOptions StdEnvVars + +BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 +BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown |