k 3 nginx: add ssl.force_encryption

2016-07-21 16:19:07 +02:00 · 2016-07-21 16:19:07 +02:00 · 77954f4ec0
parent d858e2eef9
commit 77954f4ec0
1 changed files with 2 additions and 4 deletions
--- a/2configs/bepasty-dual.nix
+++ b/2configs/bepasty-dual.nix
@ -45,6 +45,7 @@ in {
            #certificate =   "${sec}/wildcard.krebsco.de.crt";
            #certificate_key = "${sec}/wildcard.krebsco.de.key";
            ciphers = "RC4:HIGH:!aNULL:!MD5" ;
+            force_encryption = true;
          };
          locations = singleton ( nameValuePair  "/.well-known/acme-challenge" ''
            root ${acmechall}/${ext-dom}/;
@ -54,10 +55,7 @@ in {
          ssl_session_timeout  10m;
          ssl_verify_client off;
          proxy_ssl_session_reuse off;
-
-          if ($scheme = http){
-            return 301 https://$server_name$request_uri;
-          }'';
+          '';
        };
        defaultPermissions = "read";
        secretKey = secKey;