diff options
-rw-r--r-- | chaos-at-home/ch-http-proxy.yml | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml index 92076588..627343e6 100644 --- a/chaos-at-home/ch-http-proxy.yml +++ b/chaos-at-home/ch-http-proxy.yml @@ -10,13 +10,6 @@ - role: acmetool/base - role: nginx/base post_tasks: - - name: lower minimum tls protocol version to 1.0 - lineinfile: - path: /etc/ssl/openssl.cnf - regexp: '^MinProtocol\s*=' - line: 'MinProtocol = TLSv1' - - #### web.chaos-at-home.org (default-server) - name: create directory for default server file: @@ -141,6 +134,9 @@ - webmail.chaos-at-home.org client_max_body_size: "200M" proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-old']) | ipaddr('address') }}/" + proxy_ssl: + protocols: TLSv1 + ciphers: "DEFAULT@SECLEVEL=1" acmetool_cert_config: request: challenge: @@ -159,6 +155,9 @@ hostnames: - webdav.chaos-at-home.org proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-old']) | ipaddr('address') }}/" + proxy_ssl: + protocols: TLSv1 + ciphers: "DEFAULT@SECLEVEL=1" acmetool_cert_config: request: challenge: |