Home Explore Help
Register Sign In
opuppet
/
module-nginx
6
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f544dfec0a
Branches Tags
module-nginx
/
templates
/
mailhost
/
mailhost.erb

mailhost.erb 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738 
  1. 

  2. server {
    3. 

  3. <%- if @listen_ip.is_a?(Array) then -%>
    4. 

  4.   <%- @listen_ip.each do |ip| -%>
    5. 

  5.   listen                <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
    6. 

  6.   <%- end -%>
    7. 

  7. <%- else -%>
    8. 

  8.   listen                <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
    9. 

  9. <%- end -%>
    10. 

  10. <%# check to see if ipv6 support exists in the kernel before applying -%>
    11. 

  11. <%- if @ipv6_enable && (defined? @ipaddress6) -%>
    12. 

  12.   <%- if @ipv6_listen_ip.is_a?(Array) then -%>
    13. 

  13.     <%- @ipv6_listen_ip.each do |ipv6| -%>
    14. 

  14.   listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
    15. 

  15.     <%- end -%>
    16. 

  16.   <%- else -%>
    17. 

  17.   listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
    18. 

  18.   <%- end -%>
    19. 

  19. <%- end -%>
    20. 

  20.   server_name           <%= @server_name.join(" ") %>;
    21. 

  21.   protocol              <%= @protocol %>;
    22. 

  22.   xclient               <%= @xclient %>;
    23. 

  23.   auth_http             <%= @auth_http %>;
    24. 

  24.   starttls              <%= @starttls %>;
    25. 

  25.   <% if @starttls == 'on' || @starttls == 'only' %>
    26. 

  26.   ssl_certificate      <%= @ssl_cert %>;
    27. 

  27.   ssl_certificate_key  <%= @ssl_key %>;
    28. 

  28. 

  29.   ssl_session_timeout  5m;
    30. 

  30. 

  31.   ssl_protocols  SSLv3 TLSv1;
    32. 

  32. 

  33.   # Suggested from https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx_configuration_details and https://weakdh.org/sysadmin.html
    34. 

  34.   ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    35. 

  35. 

  36.   ssl_prefer_server_ciphers   on;
    37. 

  37.   <%- end -%>
    38. 

  38. }
    39.