haproxy: set min tls version to 1.2, generate dhparam file
This commit is contained in:
parent
673c3d52f3
commit
b0ce68bd99
|
@ -155,6 +155,11 @@
|
|||
1965
|
||||
];
|
||||
|
||||
security.dhparams = {
|
||||
enable = true;
|
||||
params.haproxy = { };
|
||||
};
|
||||
|
||||
# DNS records IN AAAA {www.,}c3d2.de point to this host but
|
||||
# gemini:// is served on c3d2-web only
|
||||
systemd.services.gemini-forward = {
|
||||
|
|
|
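Review bot: The dhparams entry declared here is `params.haproxy = { };`, but the `ssl-dh-param-file` line in the second hunk interpolates `config.security.dhparams.params.nginx.path`, so the file HAProxy loads is not the one this hunk generates. If no `params.nginx` is declared elsewhere in the configuration the evaluation fails; if one is, HAProxy silently shares nginx's parameters instead of its own. The reference should be `ssl-dh-param-file ${config.security.dhparams.params.haproxy.path}`. The empty attrset also leaves the key size to `security.dhparams.defaultBitSize`; a comment such as `# bit size inherited from security.dhparams.defaultBitSize` would make that explicit for the next reader.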
@ -109,6 +109,10 @@ in
|
|||
services.haproxy = {
|
||||
enable = true;
|
||||
config = ''
|
||||
global
|
||||
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
|
||||
ssl-dh-param-file ${config.security.dhparams.params.nginx.path}
|
||||
|
||||
defaults
|
||||
timeout client 30000
|
||||
timeout connect 5000
|
||||
|
|
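Review bot: `ssl-default-bind-options ssl-min-ver TLSv1.2` only constrains the frontend `bind` sockets; TLS connections HAProxy opens towards backend servers are governed by `ssl-default-server-options`, which this hunk leaves at HAProxy's default, so the minimum-version claim in the commit title holds for clients only. If any backend is contacted over TLS, add `ssl-default-server-options ssl-min-ver TLSv1.2` alongside the bind line, or note in a comment that all backends are plaintext. The `services.haproxy.config` string continues outside the hunk, so I cannot see whether backend definitions use `ssl`.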