--- # file: roles/nginx/defaults/main.yml # path config nginx_confd_path: /etc/nginx/conf.d # parent directory of vhost roots nginx_root_prefix: /var/www # 1 hour timeout nginx_ssl_session_timeout: 1h # 10MB -> 40,000 sessions nginx_ssl_session_cache: shared:SSL:10m # 1400 bytes to fit in one MTU (default is 16k!) nginx_ssl_buffer_size: 1400 nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem nginx_ssl_protocols: 'TLSv1 TLSv1.1 TLSv1.2' # Enable HTTP Strict Transport Security? # True on production, False on development! nginx_enable_hsts: True # TLS key directory tls_key_dir: /etc/ssl/private # stable is 1.8.x # mainline is 1.9.x nginx_version: mainline # vim: set ts=2 sw=2: