disable tls settings

2017-11-28 23:41:54 +01:00
parent f9466bd8de 5f7acd102b
commit 369be462f2
1 changed files with 21 additions and 0 deletions
--- a/services/nginx.nix.orig
+++ b/services/nginx.nix.orig
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+
+{
+
+networking.firewall.allowedTCPPorts = [80 443];
+
+services.nginx = {
+        enable = true;
+        recommendedGzipSettings = true;
+        recommendedOptimisation = true;
+        recommendedProxySettings = true;
+<<<<<<< HEAD
+        recommendedTlsSettings = false;
+=======
+        recommendedTlsSettings = true;
+        sslCiphers ="ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128";
+
+>>>>>>> 5f7acd102b79f7c454d0472d0bb2edfaf140640f
+    };
+}