add more secure ssl settings
Daniel Zabel committed Jan 2, 2015
1 parent 34a889e commit 41389b2
Showing 2 changed files with 9 additions and 7 deletions.
10 changes: 9 additions & 1 deletion attributes/default.rb
@@ -63,7 +63,15 @@
default[:nexus][:app_server_proxy][:server][:options] = [
"client_max_body_size 200M",
"client_body_buffer_size 512k",
"keepalive_timeout 0"
"keepalive_timeout 0",
'ssl_session_cache shared:SSL:10m',
'ssl_session_timeout 24h',
'ssl_protocols TLSv1 TLSv1.1 TLSv1.2',
'ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL',
'ssl_prefer_server_ciphers on',
'add_header Strict-Transport-Security max-age=63072000',
'add_header X-Frame-Options DENY',
'add_header X-Content-Type-Options nosniff'
]
default[:nexus][:app_server_proxy][:proxy][:options] = []
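Review bot: Moving the TLS directives into `default[:nexus][:app_server_proxy][:server][:options]` means a node or wrapper cookbook that already overrides this attribute (for example to change `client_max_body_size`) would presumably render a server block with no `ssl_protocols` or `ssl_ciphers` at all, since the template section of this commit drops its own copies and only loops over the options. Keeping the protocol and cipher settings in a dedicated attribute, or in the template itself, would stop an override of the generic options from silently removing the TLS baseline. Within the new list, `AES256+EDH` re-enables the DHE suites that the old `!kEDH` excluded, and no `ssl_dhparam` appears on the visible lines; on nginx older than 1.11.0 that falls back to the built-in 1024-bit parameters, so a generated parameter file (`'ssl_dhparam <path-to-dhparam.pem>'`, placeholder path) should accompany it. `TLSv1` and `TLSv1.1` are deprecated and can be dropped where clients allow, leaving `'ssl_protocols TLSv1.2'`.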

6 changes: 0 additions & 6 deletions templates/default/nexus_proxy.nginx.conf.erb
@@ -22,12 +22,6 @@ server {
<%= option %>;
<% end %>

ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
