propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git

commit 356a789c52d50c1473677bbb4bb8b34137dcef46
parent bbddcb2d8f7231031732e4f182d3d47882481d50
Author: rsiddharth <s@ricketyspace.net>
Date:   Fri, 12 Apr 2019 05:38:23 -0400

propellor spin

Diffstat:
config.hs | 36++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+), 0 deletions(-)

diff --git a/config.hs b/config.hs
@@ -950,8 +950,44 @@ ricketyspaceNetFSFINginx = [
 , " listen 80;"
 , " listen [::]:80;"
 , " server_name fsfi.ricketyspace.net;"
+ , " return 301 https://$host$request_uri;"
+ , "}"
+ , ""
+ , "server {"
+ , " listen 443 ssl http2;"
+ , " listen [::]:443 ssl http2;"
+ , " server_name fsfi.ricketyspace.net;"
+ , ""
+ , " access_log /var/log/nginx/fsfi-access.log;"
+ , " error_log /var/log/nginx/fsfi-error.log;"
+ , ""
 , " root /home/w/fsfi;"
 , " default_type text/plain;"
+ , ""
+ , " # Path to certificate and private key."
+ , " # The .crt may omit the root CA cert, if it's a standard CA that ships with clients."
+ , " ssl_certificate /etc/ssl/certs/fsfi.rs.net.chained.le.pem;"
+ , " ssl_certificate_key /etc/ssl/private/fsfi.rs.net.d.le.key;"
+ , ""
+ , " add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';"
+ , ""
+ , " ssl_prefer_server_ciphers on;"
+ , " ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED';"
+ , ""
+ , " ssl_protocols TLSv1.2 TLSv1.1 TLSv1;"
+ , ""
+ , " # as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html"
+ , " ssl_session_cache shared:SSL:10m;"
+ , " ssl_session_timeout 10m;"
+ , " keepalive_timeout 70;"
+ , ""
+ , " # nginx 1.5.9+ ONLY"
+ , " ssl_buffer_size 1400;"
+ , ""
+ , " #"
+ , " # Generated by OpenSSL with the following command:"
+ , " # openssl dhparam -outform pem -out dhparam2048.pem 2048"
+ , " ssl_dhparam /etc/ssl/certs/dhparam4096.pem;"
 , "}"
 ]
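Review bot: The new 443 server block still negotiates TLS 1.0 and 1.1 (`ssl_protocols TLSv1.2 TLSv1.1 TLSv1;`), and its `ssl_ciphers` string explicitly admits `DES-CBC3-SHA`, a 3DES suite with a 64-bit block, so the handshake accepts weaker transport than the HSTS header a few lines above suggests. Unless legacy clients are a known requirement, I would reduce the directive to `ssl_protocols TLSv1.2;` and drop `DES-CBC3-SHA` from the cipher list. The dhparam comment also disagrees with the directive beneath it: it documents `openssl dhparam ... -out dhparam2048.pem 2048`, while `ssl_dhparam` loads `/etc/ssl/certs/dhparam4096.pem`, so the comment should name the command that produced the deployed file. Separately, `add_header Strict-Transport-Security` without the `always` parameter is not sent on error responses, and `includeSubDomains; preload` on a host-level name is worth confirming as intended. The list `ricketyspaceNetFSFINginx` opens above the hunk, so the port-80 block is only partly visible here.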