- ---
- nginx_ssl_protocols: "TLSv1.2 TLSv1.3"
- nginx_ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256"
- nginx_hsts_max_age: 31536000
- nginx_rate_limit_req_zone: "$binary_remote_addr zone=general:10m rate=30r/m"
- nginx_client_max_body_size: "10m"
- nginx_proxy_read_timeout: 60
- # Services that need a port-80 → HTTPS redirect added.
- # List only services that do NOT already have a redirect in their existing config.
- nginx_redirect_services:
- - name: service1
- server_name: service1.example.com
- - name: service2
- server_name: service2.example.com
|
