summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/bepasty-dual.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2016-07-21 16:19:07 +0200
committermakefu <github@syntax-fehler.de>2016-07-21 21:03:36 +0200
commit864e711114b048e875f0d73eeefdca436eebea00 (patch)
tree949551dcd2a00674db67341e68440ec03bfd181b /makefu/2configs/bepasty-dual.nix
parentbfc2aa3b236813945ca4f2b5d683d51c82e983b7 (diff)
k 3 nginx: add ssl.force_encryption
Diffstat (limited to 'makefu/2configs/bepasty-dual.nix')
-rw-r--r--makefu/2configs/bepasty-dual.nix6
1 files changed, 2 insertions, 4 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index f675c4ac8..4b5389c32 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -45,6 +45,7 @@ in {
#certificate = "${sec}/wildcard.krebsco.de.crt";
#certificate_key = "${sec}/wildcard.krebsco.de.key";
ciphers = "RC4:HIGH:!aNULL:!MD5" ;
+ force_encryption = true;
};
locations = singleton ( nameValuePair "/.well-known/acme-challenge" ''
root ${acmechall}/${ext-dom}/;
@@ -54,10 +55,7 @@ in {
ssl_session_timeout 10m;
ssl_verify_client off;
proxy_ssl_session_reuse off;
-
- if ($scheme = http){
- return 301 https://$server_name$request_uri;
- }'';
+ '';
};
defaultPermissions = "read";
secretKey = secKey;