Compare commits

..

3 Commits

2 changed files with 12 additions and 2 deletions

View File

@ -21,11 +21,15 @@ ingress_container_networks:
ingress_container_certbot_email: rehashedsalt@cock.li
# General Nginx configuration
ingress_listen_args: "443 ssl"
ingress_listen_args: "443 http2 ssl"
ingress_resolver: 8.8.8.8
# This non-obvious setting controls whether directives for certificates will be added to hosts
# Set to "no" if you do not plan on terminating TLS at the ingress controller, like when using
# a custom container that *doesn't* automatically-provision LE certs
ingress_listen_tls: yes
ingress_tls_protocols: TLSv1.2 TLSv1.3
ingress_tls_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ingress_tls_prefer_server_ciphers: "off"
# Vhost configuration
# ingress_servers:

View File

@ -3,7 +3,7 @@ server {
{% if loop.index == 1 %}
listen {{ ingress_listen_args }} default_server;
{% else %}
listen {{ ingress_listen_args }} ssl;
listen {{ ingress_listen_args }};
{% endif %}
server_name {{ server.name }};
@ -13,6 +13,11 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ ingress_servers[0].name }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols {{ ingress_tls_protocols }};
ssl_ciphers {{ ingress_tls_ciphers }};
ssl_prefer_server_ciphers {{ ingress_tls_prefer_server_ciphers }};
{% endif %}
{% if server.directives is defined %}
@ -49,5 +54,6 @@ server {
{% endfor %}
{% endif %}
resolver {{ ingress_resolver }};
}
{% endfor %}