From 965497e2653fcf39f2082cc23d12b764c5c0dca1 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Fri, 8 Nov 2019 23:28:20 +0100
Subject: nginx: do some tls hardening

---
 .../nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2')

diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
index 1003ab88..b943b2e4 100644
--- a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
+++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
@@ -16,7 +16,7 @@ server {
     server_name {{ nginx_vhost.hostnames | join(' ') }};
 
     include snippets/acmetool.conf;
-    include snippets/ssl.conf;
+    include snippets/tls{% if 'tls_variant' in nginx_vhost %}-{{ nginx_vhost.tls_variant }}{% endif %}.conf;
     ssl_certificate     /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/fullchain;
     ssl_certificate_key /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/privkey;
     include snippets/hsts.conf;
-- 
cgit v1.2.3