diff options
| -rw-r--r-- | modules/websites/default.nix | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/websites/default.nix b/modules/websites/default.nix index e69080e9..767a7b23 100644 --- a/modules/websites/default.nix +++ b/modules/websites/default.nix | |||
| @@ -204,6 +204,14 @@ in | |||
| 204 | stateDir = "/run/httpd_${name}"; | 204 | stateDir = "/run/httpd_${name}"; |
| 205 | logPerVirtualHost = true; | 205 | logPerVirtualHost = true; |
| 206 | multiProcessingModule = "worker"; | 206 | multiProcessingModule = "worker"; |
| 207 | # https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.0.2t&guideline=5.4 | ||
| 208 | sslProtocols = "all -SSLv3 -TLSv1 -TLSv1.1"; | ||
| 209 | sslCiphers = builtins.concatStringsSep ":" [ | ||
| 210 | "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-GCM-SHA256" | ||
| 211 | "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-GCM-SHA384" | ||
| 212 | "ECDHE-ECDSA-CHACHA20-POLY1305" "ECDHE-RSA-CHACHA20-POLY1305" | ||
| 213 | "DHE-RSA-AES128-GCM-SHA256" "DHE-RSA-AES256-GCM-SHA384" | ||
| 214 | ]; | ||
| 207 | inherit (icfg) adminAddr; | 215 | inherit (icfg) adminAddr; |
| 208 | logFormat = "combinedVhost"; | 216 | logFormat = "combinedVhost"; |
| 209 | extraModules = lists.unique icfg.modules; | 217 | extraModules = lists.unique icfg.modules; |