diff options
Diffstat (limited to 'src/flufigut.py')
-rwxr-xr-x | src/flufigut.py | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/flufigut.py b/src/flufigut.py index 94c393d..ada1813 100755 --- a/src/flufigut.py +++ b/src/flufigut.py @@ -638,6 +638,14 @@ class Planet: hostname = "%s-%s%d" % (hostname_prefix, self.workers[worker_name]['flags']['stream'], (self.workers[worker_name]['flags']['stream-index'] + 1)) conf = {'listen': listen, 'protocol': 'http'} + if not for_onion: + conf['protocol'] = 'http+https' + conf['tls'] = {'min-protocol-version': 'TLSv1', 'prefer-server-ciphers': True} + conf['tls']['certificate'] = '/srv/acme/fullchain' + conf['tls']['certificate-key'] = '/srv/acme/privkey' + conf['tls']['ciphers'] = ['ECDHE_RSA_WITH_AES_256_GCM_SHA384', + 'ECDHE_RSA_WITH_AES_256_CBC_SHA', 'RSA_WITH_AES_256_GCM_SHA384', 'RSA_WITH_AES_256_CBC_SHA'] + conf['tls']['ecdh-curves'] = ['secp521r1', 'secp384r1', 'secp256r1'] conf['connect'] = 'http://flumotion-worker-' + self.workers[worker_name]['name'] + ':8000' conf['request_header'] = [{'op': 'del', 'header': 'X-Forwarded-For'}] conf['response_header'] = [{'op': 'set', 'header': 'Cache-Control', 'value': 'no-cache'}, |