X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/d79e2e45dbf37c1c3f5098479c9088ff28e57243..623dcf6bfde3757e54fcc275ae2bbf48582fae61:/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
index 60d7d451f..a517b2075 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
@@ -50,18 +50,12 @@ server {
 proxy_buffers 8 64k;
- ssl_certificate /etc/ssl/certs/<%= @certificate %>.pem;
- ssl_certificate_key /etc/ssl/private/<%= @certificate %>.key;
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers <%= node[:ssl][:ciphers] -%>;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:50m;
- ssl_session_timeout 30m;
- ssl_stapling on;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- resolver <%= @resolvers.join(" ") %>;
- resolver_timeout 5s;
+ ssl_certificate /etc/ssl/certs/tile.openstreetmap.org.pem;
+ ssl_certificate_key /etc/ssl/private/tile.openstreetmap.org.key;
+<% if node[:ssl][:strict_transport_security] -%>
+
+ add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;
+<% end -%>
 location / {
 proxy_pass http://tile_cache_backend;
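Review bot: The added `add_header Strict-Transport-Security ... always;` sits at server level, and nginx only inherits `add_header` into a `location` that declares no `add_header` of its own, so any location in this vhost that sets another header will silently stop sending HSTS. The `location /` block begins at the end of the hunk and its body is not visible here, so this needs checking against the full template; a comment such as `# add_header is not inherited by a location that sets its own add_header; repeat HSTS there` above the directive would record the constraint. Separately, the server block no longer sets `ssl_protocols`, `ssl_ciphers`, `ssl_session_cache`, `ssl_stapling`, `ssl_dhparam` or `resolver`; presumably these now come from an http-level config outside this diff, and if they do not, the vhost falls back to nginx's built-in defaults with OCSP stapling off.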