haproxy: set min tls version to 1.2, generate dhparam file
This commit is contained in:
parent
673c3d52f3
commit
b0ce68bd99
@ -155,6 +155,11 @@
1965
1965
];
];
security.dhparams = {
enable = true;
params.haproxy = { };
};
# DNS records IN AAAA {www.,}c3d2.de point to this host but
# DNS records IN AAAA {www.,}c3d2.de point to this host but
# gemini:// is served on c3d2-web only
# gemini:// is served on c3d2-web only
systemd.services.gemini-forward = {
systemd.services.gemini-forward = {
@ -109,6 +109,10 @@ in
services.haproxy = {
services.haproxy = {
enable = true;
enable = true;
config = ''
config = ''
global
ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
ssl-dh-param-file ${config.security.dhparams.params.nginx.path}
defaults
defaults
timeout client 30000
timeout client 30000
timeout connect 5000
timeout connect 5000
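Review bot: The DH parameter file wired into haproxy's `global` section points at the wrong entry: `ssl-dh-param-file ${config.security.dhparams.params.nginx.path}` reads the nginx parameter set, while the earlier hunk at -155 declares `params.haproxy = { };`, so the set generated for haproxy is never used and evaluation presumably fails unless an nginx entry happens to be defined elsewhere on this host. The reference should be `ssl-dh-param-file ${config.security.dhparams.params.haproxy.path}`. Since the entry is declared empty, the group size falls back to the module default; pinning `bitSize` on the haproxy entry would make the intended strength explicit and reviewable. Note also that `ssl-default-bind-options` constrains only listening sockets — if this haproxy also terminates TLS toward backends, a matching `ssl-default-server-options ssl-min-ver TLSv1.2` is worth considering; the `services.haproxy` attribute set continues outside the hunk.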