k 3 nginx: add ssl.force_encryption

author: makefu <github@syntax-fehler.de> 2016-07-21 16:19:07 +0200
committer: makefu <github@syntax-fehler.de> 2016-07-21 21:03:36 +0200
commit: 864e711114b048e875f0d73eeefdca436eebea00 (patch)
tree: 949551dcd2a00674db67341e68440ec03bfd181b /makefu/2configs/bepasty-dual.nix
parent: bfc2aa3b236813945ca4f2b5d683d51c82e983b7 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/makefu/2configs/bepasty-dual.nix b/makefu/2configs/bepasty-dual.nix
index f675c4ac8..4b5389c32 100644
--- a/makefu/2configs/bepasty-dual.nix
+++ b/makefu/2configs/bepasty-dual.nix
@@ -45,6 +45,7 @@ in {
             #certificate =   "${sec}/wildcard.krebsco.de.crt";
             #certificate_key = "${sec}/wildcard.krebsco.de.key";
             ciphers = "RC4:HIGH:!aNULL:!MD5" ;
+            force_encryption = true;
           };
           locations = singleton ( nameValuePair  "/.well-known/acme-challenge" ''
             root ${acmechall}/${ext-dom}/;
@@ -54,10 +55,7 @@ in {
           ssl_session_timeout  10m;
           ssl_verify_client off;
           proxy_ssl_session_reuse off;
-
-          if ($scheme = http){
-            return 301 https://$server_name$request_uri;
-          }'';
+          '';
         };
         defaultPermissions = "read";
         secretKey = secKey;
author	makefu <github@syntax-fehler.de>	2016-07-21 16:19:07 +0200
committer	makefu <github@syntax-fehler.de>	2016-07-21 21:03:36 +0200
commit	864e711114b048e875f0d73eeefdca436eebea00 (patch)
tree	949551dcd2a00674db67341e68440ec03bfd181b /makefu/2configs/bepasty-dual.nix
parent	bfc2aa3b236813945ca4f2b5d683d51c82e983b7 (diff)