potluck-nginx 0.0.1 → 0.0.2

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/potluck/nginx/ssl.rb +8 -6
  3. metadata +4 -4
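--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 599537fcab6df50b0126d73460295be4b366101667ad4c2317199b361153a5c1
- data.tar.gz: 6a38b16b915efa971b1b93361dd1b995937b67a61031376879cf0aae857438be
+ metadata.gz: bc33a9aab81524eb41a2c734599b947bf3893cf62c72de1edeaee25850961500
+ data.tar.gz: 4802c81ccc6c0fabdb2bbfe2c77db4d9798ac9af9f4a827fb5816ca81c991295
  SHA512:
- metadata.gz: f007969613094559c4b68707b8bf87f570def7da9b5122673de84ca2a4c45409450ba348f7d8ff522191188afacdf1cf1a94c15f1a0b4cc36419e446ca921644
- data.tar.gz: 6c3672941908c91d9151e7863ed0cb93c7e7ebf4463bcc2b7c8d997ac3baf529ef124bad4a1733c33ee3221a12cfad0cd41c60f72f85f9f2c1921f4d2646a436
+ metadata.gz: 64c6f24f5a322452320f942ea7feefab6afa9970c96786cf0807f261f2209e1f29c4229454e1e65629d408b282abc304821e7163ccf6d622c26802109bb6d2f5
+ data.tar.gz: c5133b05bd80ec716eaf60f7ea41cc0c44c643d54ea729dcc36c6e8df3fdbc0cdeb4037d34097f25233b31f6138468efc64762397338803b4ae5091dfab333d1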
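--- a/data/lib/potluck/nginx/ssl.rb
+++ b/data/lib/potluck/nginx/ssl.rb
@@ -5,14 +5,16 @@ require('time')
  module Potluck
  class Nginx < Dish
  class SSL
- # Based on https://hackernoon.com/how-properly-configure-nginx-server-for-tls-sg1d3udt
+ # Reference: https://ssl-config.mozilla.org/#server=nginx&config=intermediate&guideline=5.6
  DEFAULT_CONFIG = {
- 'ssl_ciphers' => 'ECDH+AESGCM:ECDH+AES256-CBC:ECDH+AES128-CBC:DH+3DES:!ADH:!AECDH:!MD5',
- 'ssl_prefer_server_ciphers' => 'on',
+ 'ssl_ciphers' => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM'\
+ '-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:D'\
+ 'HE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384',
+ 'ssl_prefer_server_ciphers' => 'off',
  'ssl_protocols' => 'TLSv1.2 TLSv1.3',
- 'ssl_session_cache' => 'shared:SSL:40m',
- 'ssl_session_tickets' => 'on',
- 'ssl_session_timeout' => '4h',
+ 'ssl_session_cache' => 'shared:SSL:10m',
+ 'ssl_session_tickets' => 'off',
+ 'ssl_session_timeout' => '1d',
  'add_header' => {
  repeat: true,
  'Strict-Transport-Security' => '\'max-age=31536000; includeSubDomains\' always',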
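Review bot: The new `ssl_ciphers` value ends with two DHE suites (`DHE-RSA-AES128-GCM-SHA256`, `DHE-RSA-AES256-GCM-SHA384`), but no `ssl_dhparam` entry is visible in this hunk, and nginx 1.11.0 and later does not offer DHE suites unless DH parameters are configured. DEFAULT_CONFIG continues past the hunk, so it may be set further down; if it is not, either add it (the Mozilla reference pairs these suites with its ffdhe2048 parameters) or drop the two suites so the list states what the server will actually negotiate. Separately, the string is broken mid-name (`...AES256-GCM'\` / `'-SHA384`, `:D'\` / `'HE-RSA-...`), so a search for a full suite name misses it during an audit; breaking only at `:` boundaries, or building the list from an array joined with `':'`, keeps every name intact.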
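--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: potluck-nginx
  version: !ruby/object:Gem::Version
- version: 0.0.1
+ version: 0.0.2
  platform: ruby
  authors:
  - Nate Pickens
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-03-27 00:00:00.000000000 Z
+ date: 2021-12-13 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: potluck
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.0.1
+ version: 0.0.2
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.0.1
+ version: 0.0.2
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement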