]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/imagery/templates/default/nginx_imagery.conf.erb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Default to using the upstream repository for postgres
[chef.git] / cookbooks / imagery / templates / default / nginx_imagery.conf.erb
diff --git a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
index b95bc601f9e56bbcbb5b5031ead5d5ebfe99e0b8..ee5692b6cdbdea51b6595a67f5ed035dd9bbc788 100644 (file)
--- a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
+++ b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
@@ -31,6 +31,10 @@ server {
     add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;
 <% end -%>
 
+    # Requests sent within early data are subject to replay attacks.
+    # See: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
+    ssl_early_data on;
+
     root "/srv/<%= @name %>";
 
     gzip on;
@@ -41,9 +45,6 @@ server {
     gzip_comp_level 9;
     gzip_vary on;
 
-    sendfile   on;
-    tcp_nopush on;
-
     # Include site imagery layers
     include /srv/imagery/nginx/<%= @name %>/layer-*.conf;
 }
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.