Some HTTPS improvements to achieve A+ on Qualsys SSL Labs
authorRobert O'Connor <rob@oconnor.ninja>
Tue, 6 Dec 2016 22:32:40 +0000 (17:32 -0500)
committerRobert O'Connor <rob@oconnor.ninja>
Tue, 6 Dec 2016 23:52:56 +0000 (18:52 -0500)
- Make HSTS max-age longer for A+ on Qualys SSL Labs
- dhparams 4096 bits vs 2048

templates/web.letsencrypt.ssl.template.yml
templates/web.ssl.template.yml

index afd16d813876791c70cf22f5f31a262cf31ec0c1..323d2a499f0eb5153e66df8b5ff5f92c8705527b 100644 (file)
@@ -88,5 +88,4 @@ hooks:
        filename: "/etc/nginx/conf.d/discourse.conf"
        from: /add_header.+/
        to: |
-         # remember the certificate for 80 days and automatically connect to HTTPS for this domain
-         add_header Strict-Transport-Security 'max-age=6912000';
+         add_header Strict-Transport-Security 'max-age=63072000';
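Review bot: The explanatory comment above the add_header line is dropped instead of updated, so the new value 63072000 on the last line of the hunk reads as a magic number; I'd keep a line such as `# remember the certificate for two years (63072000 s) and automatically connect to HTTPS for this domain` before the add_header. A two-year max-age also means that every browser that has seen the header will refuse plain HTTP and any certificate error on this domain for that long, so the rollout should be sure the site can keep serving a valid certificate for the whole period (with Let's Encrypt that means renewal must never lapse). Separately, nginx's add_header only emits the header on 2xx/3xx responses unless the `always` flag is given (nginx 1.7.5 or newer), so error pages would not carry HSTS; `add_header Strict-Transport-Security 'max-age=63072000' always;` covers them as well. Only the replacement text is inside the hunk; the hook entry it belongs to and the nginx server block it patches are outside it.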
index b1ce92875248d946627916769532c7b7519f84d1..17cadad82e2ee003dc92a7e08fa4214ee5389ad9 100644 (file)
@@ -3,7 +3,7 @@ run:
      cmd:
        # Generate strong Diffie-Hellman parameters
        - "mkdir -p /shared/ssl/"
-       - "[ -e /shared/ssl/dhparams.pem ] || openssl dhparam -out /shared/ssl/dhparams.pem 2048"
+       - "[ -e /shared/ssl/dhparams.pem ] || openssl dhparam -out /shared/ssl/dhparams.pem 4096"
   - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /server.+{/
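Review bot: The `[ -e /shared/ssl/dhparams.pem ] ||` guard on the changed line means an existing 2048-bit dhparams.pem is left untouched, so only fresh installs get the 4096-bit parameters the commit message announces; existing deployments silently keep 2048 bits until someone removes the file. That deserves a comment next to the generated-parameters line, e.g. `# Only generated when missing: remove /shared/ssl/dhparams.pem to regenerate at the new size`. Generating 4096-bit parameters with openssl dhparam is also much slower than 2048-bit (tens of minutes on a small host, depending on the CPU), which lengthens the first bootstrap, so the comment should say so too; as far as I recall SSL Labs only requires 2048-bit or larger DH parameters, so the extra cost buys little for the rating. The run hook this line belongs to begins before the hunk and the replace entry continues after it.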