From c27493e9c2513339f54187960c34491b3b792233 Mon Sep 17 00:00:00 2001 From: Jacob Vosmaer Date: Thu, 14 Aug 2014 17:31:04 +0200 Subject: [PATCH] Add NGINX ssl_timeout parameter --- files/gitlab-cookbooks/gitlab/attributes/default.rb | 1 + files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb | 1 + 2 files changed, 2 insertions(+), 0 deletions(-) diff --git a/files/gitlab-cookbooks/gitlab/attributes/default.rb b/files/gitlab-cookbooks/gitlab/attributes/default.rb index 70a031c..93facf0 100644 --- a/files/gitlab-cookbooks/gitlab/attributes/default.rb +++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb @@ -250,6 +250,7 @@ default['gitlab']['nginx']['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-R default['gitlab']['nginx']['ssl_prefer_server_ciphers'] = "on" default['gitlab']['nginx']['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2" # recommended by https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html default['gitlab']['nginx']['ssl_session_cache'] = "shared:SSL:10m" # recommended in http://nginx.org/en/docs/http/ngx_http_ssl_module.html +default['gitlab']['nginx']['ssl_timeout'] = "5m" # default according to http://nginx.org/en/docs/http/ngx_http_ssl_module.html default['gitlab']['nginx']['listen_address'] = '*' ### diff --git a/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb b/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb index 0ac4cca..2ec4905 100644 --- a/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb +++ b/files/gitlab-cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb @@ -48,6 +48,7 @@ server { ssl_prefer_server_ciphers <%= @ssl_prefer_server_ciphers %>; ssl_protocols <%= @ssl_protocols %>; ssl_session_cache <%= @ssl_session_cache %>; + ssl_timeout <%= @ssl_timeout %>; <% end %> # Increase this if you want to upload large attachments -- libgit2 0.21.2