From 23d76a535f08edbb3c56c7c92d232091c6468bf5 Mon Sep 17 00:00:00 2001
From: Alan Orth <alan.orth@gmail.com>
Date: Sat, 6 Dec 2014 22:19:12 +0300
Subject: [PATCH] roles/nginx: Set nginx SSL session timeout to 24 hours

Default is 5 minutes, but it seems like unless you're a high-traff-
ic site, there's no need to expire sessions so quickly.  Also, the
istlsfastyet.com configs are using 24 hours, so surely we can.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
---
 roles/nginx/templates/https.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/nginx/templates/https.j2 b/roles/nginx/templates/https.j2
index accab37..10d5849 100644
--- a/roles/nginx/templates/https.j2
+++ b/roles/nginx/templates/https.j2
@@ -5,7 +5,7 @@
     ssl_certificate {{ tls_key_dir }}/{{ domain_name }}.crt.pem;
     ssl_certificate_key {{ tls_key_dir }}/{{ domain_name }}.crt.pem;
 
-    ssl_session_timeout 5m;
+    ssl_session_timeout 24h;            # 24 hour timeout
     ssl_session_cache shared:SSL:1m;    # 1MB -> 4,000 sessions
     ssl_buffer_size 1400;               # 1400 bytes to fit in one MTU