k 3 nginx: add ssl.force_encryption

author: makefu <github@syntax-fehler.de> 2016-07-21 16:19:07 +0200
committer: makefu <github@syntax-fehler.de> 2016-07-21 21:03:36 +0200
commit: 77954f4ec07828ae0d9be9392e0c3767c08efff8 (patch)
tree: 8dacab76687c0397b3a312932344cd4ba384502d /2configs/bepasty-dual.nix
parent: d858e2eef9632443082609c5d7db4fe252bfed54 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/2configs/bepasty-dual.nix b/2configs/bepasty-dual.nix
index f675c4ac8..4b5389c32 100644
--- a/2configs/bepasty-dual.nix
+++ b/2configs/bepasty-dual.nix
@@ -45,6 +45,7 @@ in {
             #certificate =   "${sec}/wildcard.krebsco.de.crt";
             #certificate_key = "${sec}/wildcard.krebsco.de.key";
             ciphers = "RC4:HIGH:!aNULL:!MD5" ;
+            force_encryption = true;
           };
           locations = singleton ( nameValuePair  "/.well-known/acme-challenge" ''
             root ${acmechall}/${ext-dom}/;
@@ -54,10 +55,7 @@ in {
           ssl_session_timeout  10m;
           ssl_verify_client off;
           proxy_ssl_session_reuse off;
-
-          if ($scheme = http){
-            return 301 https://$server_name$request_uri;
-          }'';
+          '';
         };
         defaultPermissions = "read";
         secretKey = secKey;
author	makefu <github@syntax-fehler.de>	2016-07-21 16:19:07 +0200
committer	makefu <github@syntax-fehler.de>	2016-07-21 21:03:36 +0200
commit	77954f4ec07828ae0d9be9392e0c3767c08efff8 (patch)
tree	8dacab76687c0397b3a312932344cd4ba384502d /2configs/bepasty-dual.nix
parent	d858e2eef9632443082609c5d7db4fe252bfed54 (diff)