nginx: do some tls hardening

author: Christian Pointner <equinox@spreadspace.org> 2019-11-08 23:28:20 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2019-11-08 23:28:20 +0100
commit: 965497e2653fcf39f2082cc23d12b764c5c0dca1 (patch)
tree: 86c5977dcbeaee2a10dc76da4603eb283e460ecf /roles/nginx/vhost/templates
parent: minor formatting fix (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
index 1003ab88..b943b2e4 100644
--- a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
+++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
@@ -16,7 +16,7 @@ server {
     server_name {{ nginx_vhost.hostnames | join(' ') }};
 
     include snippets/acmetool.conf;
-    include snippets/ssl.conf;
+    include snippets/tls{% if 'tls_variant' in nginx_vhost %}-{{ nginx_vhost.tls_variant }}{% endif %}.conf;
     ssl_certificate     /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/fullchain;
     ssl_certificate_key /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/privkey;
     include snippets/hsts.conf;
author	Christian Pointner <equinox@spreadspace.org>	2019-11-08 23:28:20 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2019-11-08 23:28:20 +0100
commit	965497e2653fcf39f2082cc23d12b764c5c0dca1 (patch)
tree	86c5977dcbeaee2a10dc76da4603eb283e460ecf /roles/nginx/vhost/templates
parent	minor formatting fix (diff)