From: Philipp Dallig <philipp.dallig@pixelpark.com>
Date: Fri, 12 Aug 2016 15:09:42 +0000 (+0200)
Subject: chat01 - make cipher strong
X-Git-Tag: v0.1.0~4302
X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=e20d536394bad181c8355590b37ec07e3124ae38;p=pixelpark%2Fhiera.git

chat01 - make cipher strong
---

diff --git a/customer/pixelpark/chat01.pixelpark.com.yaml b/customer/pixelpark/chat01.pixelpark.com.yaml
index 3c7774b7..fd4f312c 100644
--- a/customer/pixelpark/chat01.pixelpark.com.yaml
+++ b/customer/pixelpark/chat01.pixelpark.com.yaml
@@ -14,8 +14,13 @@ nginx::nginx_vhosts:
     ssl: true
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.com-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.com-key.pem
+    ssl_dhparam: /etc/ssl/certs/dhparam.pem
+    ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
+    ssl_protocols: 'TLSv1.2'
     rewrite_to_https: true
     proxy: http://rocket_chat
+    add_header:
+      - 'Strict-Transport-Security "max-age=63072000;"'
     proxy_set_header:
       - 'Upgrade $http_upgrade'
       - 'Connection "upgrade"'