chat01 - make cipher strong

author Philipp Dallig <philipp.dallig@pixelpark.com>

Fri, 12 Aug 2016 15:09:42 +0000 (17:09 +0200)

committer Philipp Dallig <philipp.dallig@pixelpark.com>

Fri, 12 Aug 2016 15:09:42 +0000 (17:09 +0200)
author Philipp Dallig <philipp.dallig@pixelpark.com>
Fri, 12 Aug 2016 15:09:42 +0000 (17:09 +0200)
committer Philipp Dallig <philipp.dallig@pixelpark.com>
Fri, 12 Aug 2016 15:09:42 +0000 (17:09 +0200)
diff --git a/customer/pixelpark/chat01.pixelpark.com.yaml b/customer/pixelpark/chat01.pixelpark.com.yaml

index 3c7774b729f37832530365e9f31e456731372b9a..fd4f312c934ccb2670468208c8426faa5eb9775c 100644 (file)
--- a/customer/pixelpark/chat01.pixelpark.com.yaml
+++ b/customer/pixelpark/chat01.pixelpark.com.yaml
@@ -14,8 +14,13 @@ nginx::nginx_vhosts:
      ssl: true
      ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.com-cert.pem
      ssl_key: /etc/pki/tls/private/wildcard.pixelpark.com-key.pem
+    ssl_dhparam: /etc/ssl/certs/dhparam.pem
+    ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
+    ssl_protocols: 'TLSv1.2'
      rewrite_to_https: true
      proxy: http://rocket_chat
+    add_header:
+      - 'Strict-Transport-Security "max-age=63072000;"'
      proxy_set_header:
        - 'Upgrade $http_upgrade'
        - 'Connection "upgrade"'
author	Philipp Dallig <philipp.dallig@pixelpark.com>
	Fri, 12 Aug 2016 15:09:42 +0000 (17:09 +0200)
committer	Philipp Dallig <philipp.dallig@pixelpark.com>
	Fri, 12 Aug 2016 15:09:42 +0000 (17:09 +0200)