7e33272f84
more secure
Added SSL caching to speed up SSL requests
Add server_tokens to the global config so this can be turned on|off
between dev and prod
Add proxy_set_header to vhost as different vhosts may require different
headers and the global setting is not ideal
Minor space formatting so that the generated files are fractionally
more readable
17 lines
712 B
Text
17 lines
712 B
Text
server {
|
|
listen <%= ssl_port %>;
|
|
<% if ipv6_enable == 'true' && (defined? ipaddress6) %>
|
|
listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
|
|
<% end %>
|
|
server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
|
|
|
|
ssl on;
|
|
ssl_certificate <%= ssl_cert %>;
|
|
ssl_certificate_key <%= ssl_key %>;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_timeout 10m;
|
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
<% proxy_set_header.each do |header| %>
|
|
proxy_set_header <%= header %>;<% end %>
|