-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathssl.conf
More file actions
25 lines (20 loc) · 882 Bytes
/
ssl.conf
File metadata and controls
25 lines (20 loc) · 882 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# set the allowed protocols
ssl_protocols {{ or (getv "/deis/router/sslProtocols") "TLSv1 TLSv1.1 TLSv1.2" }};
# turn on session caching to drastically improve performance
{{ if exists "/deis/router/sslSessionCache" }}
ssl_session_cache {{ getv "/deis/router/sslSessionCache" }};
ssl_session_timeout {{ or (getv "/deis/router/sslSessionTimeout") "10m" }};
{{ end }}
# allow configuring ssl session tickets
ssl_session_tickets {{ or (getv "/deis/router/sslSessionTickets") "on" }};
# slightly reduce the time-to-first-byte
ssl_buffer_size {{ or (getv "/deis/router/sslBufferSize") "4k" }};
# allow configuring custom ssl ciphers
{{ if exists "/deis/router/sslCiphers" }}
ssl_ciphers '{{ getv "/deis/router/sslCiphers" }}';
ssl_prefer_server_ciphers on;
{{ end }}
# allow custom DH parameters
{{ if exists "/deis/router/sslDhparam" }}
ssl_dhparam /etc/ssl/dhparam.pem;
{{ end }}