]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/tilecache/templates/default/nginx_tile.conf.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
nginx: enable TLS 1.3
[chef.git] / cookbooks / tilecache / templates / default / nginx_tile.conf.erb
diff --git a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
index a6962d89331fcdfdb12bda847e737e0fa924b07d..611bd4a73a52cab8e72c331110ae54055f64567d 100644 (file)
--- a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
@@ -93,6 +93,10 @@ server {
     ssl_certificate      /etc/ssl/certs/tile.openstreetmap.org.pem;
     ssl_certificate_key  /etc/ssl/private/tile.openstreetmap.org.key;
 
+    # Requests sent within early data are subject to replay attacks.
+    # See: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
+    ssl_early_data on;
+
     # Immediately 404 layers we do not support
 <% for i in 20..99 do %>
     location /<%= i %>/ {
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.