thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

don't enable HSTS when using self-signed SSL. otherwise browsers can't access site at all.

Thomas Buck 1 year ago
parent
b12aa08e13
commit
1d78b79f64
1 changed files with 0 additions and 2 deletions
Split View Show Diff Stats
  1. 0
    2
      roles/sslselfsigned/templates/etc_apache2_conf-available_ssl.conf.j2

+ 0
- 2
roles/sslselfsigned/templates/etc_apache2_conf-available_ssl.conf.j2 View File 

@@ -10,5 +10,3 @@ SSLCertificateKeyFile	/etc/letsencrypt/live/{{ domain }}/privkey.pem
10 10 
 SSLCertificateFile	/etc/letsencrypt/live/{{ domain }}/fullchain.pem
11 11
12 12 
 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
13 
-
14 
-Header add Strict-Transport-Security "max-age=15768000; includeSubdomains"

Write Preview
Loading…
Cancel
Save