X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/144c6c69cc3ac0ae376ec71c202e6fb6e07f5cda..e04617420b4bac3642d100626db7fbc939254d5c:/cookbooks/imagery/templates/default/nginx_imagery.conf.erb

diff --git a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
index b0fd86910..ec8a7ca31 100644
--- a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
+++ b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb
@@ -14,16 +14,10 @@ server {
 
     ssl_certificate /etc/ssl/certs/<%= @name %>.pem;
     ssl_certificate_key /etc/ssl/private/<%= @name %>.key;
+<% if node[:ssl][:strict_transport_security] -%>
 
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers <%= node[:ssl][:ciphers] -%>;
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:50m;
-    ssl_session_timeout 30m;
-    ssl_stapling on;
-    ssl_dhparam /etc/ssl/certs/dhparam.pem;
-    resolver <%= @resolvers.join(" ") %>;
-    resolver_timeout 5s;
+    add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;
+<% end -%>
 
     root "/srv/<%= @name %>";