20690: Sets nginx snippets on its own pillar sls file.

[arvados.git] / tools / salt-install / config_examples / multi_host / aws / pillars / nginx_passenger.sls

diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_passenger.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_passenger.sls
index de4c830906ff3418a22fe06175173424b816aec1..82f1b91bb5ba4efb997f9f7da2c14b4a58f13e81 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_passenger.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_passenger.sls
@@ -58,35 +58,6 @@ nginx:
       events:
         worker_connections: {{ max_reqs * 3 + 1 }}
 
-  ### SNIPPETS
-  snippets:
-    # Based on https://ssl-config.mozilla.org/#server=nginx&version=1.14.2&config=intermediate&openssl=1.1.1d&guideline=5.4
-    ssl_hardening_default.conf:
-      - ssl_session_timeout: 1d
-      - ssl_session_cache: 'shared:arvadosSSL:10m'
-      - ssl_session_tickets: 'off'
-
-      # intermediate configuration
-      - ssl_protocols: TLSv1.2 TLSv1.3
-      - ssl_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-      - ssl_prefer_server_ciphers: 'off'
-
-      # HSTS (ngx_http_headers_module is required) (63072000 seconds)
-      - add_header: 'Strict-Transport-Security "max-age=63072000" always'
-
-      # OCSP stapling
-      - ssl_stapling: 'on'
-      - ssl_stapling_verify: 'on'
-
-      # verify chain of trust of OCSP response using Root CA and Intermediate certs
-      # - ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates
-
-      # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
-      # - ssl_dhparam: /path/to/dhparam
-
-      # replace with the IP address of your resolver
-      # - resolver: 127.0.0.1
-
   ### SITES
   servers:
     managed: