From 3549b8594ad3361558afd7a0c9a8b343b30298cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Fri, 7 Apr 2017 18:26:49 +0200
Subject: [PATCH] Enable IPv6 and HTTP2 on Mastodon
---
 .../templates/default/nginx_conf_mastodon.erb | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
index 2f87598..7c9da59 100644
--- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
@@ -4,7 +4,8 @@ map $http_upgrade $connection_upgrade {
 }
 server {
- listen 80;
+ listen 80; # IPv4
+ listen [::]:80; #IPv6
 server_name <%= @server_name %>;
 access_log "/var/log/nginx/mastodon.access.log";
@@ -19,18 +20,13 @@ server {
 }
 server {
- listen 443 ssl;
+ listen 443 ssl http2; #IPv4
+ listen [::]:443 ssl http2; #IPv6
 server_name <%= @server_name %>;
 access_log "/var/log/nginx/mastodon.access.log";
 error_log "/var/log/nginx/mastodon.error.log";
- ssl_protocols TLSv1.2;
- ssl_ciphers EECDH+AESGCM:EECDH+AES;
- ssl_ecdh_curve secp384r1;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
-
 <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
 ssl_certificate <%= @ssl_cert %>;
@@ -44,7 +40,7 @@ server {
 root <%= @mastodon_path %>/public;
- # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 location / {
 try_files $uri @proxy;
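Review bot: The second hunk deletes `ssl_protocols TLSv1.2;`, `ssl_ciphers`, `ssl_ecdh_curve`, `ssl_prefer_server_ciphers` and `ssl_session_cache` from the 443 server block, and nothing visible in this patch re-adds them, so the vhost now depends on whatever the http-level configuration or nginx's built-in defaults provide. On many nginx builds those defaults still accept TLS 1.0 and 1.1, which would be a silent downgrade from the previous TLSv1.2-only policy. If the settings were moved to a shared include, record that in the commit message and leave a comment such as `# TLS protocol/cipher policy is set in the http block (see <shared nginx config>)`; otherwise keep at least `ssl_protocols TLSv1.2;` and `ssl_ciphers EECDH+AESGCM:EECDH+AES;` in this block. The server block continues outside the hunk.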
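Review bot: The newly enabled `add_header Strict-Transport-Security` line in the third hunk has no `always` flag, so nginx leaves the header off 4xx/5xx responses, and any `location` block that declares its own `add_header` will not inherit it; the location blocks lie outside this hunk, so that needs checking. I would write `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;`. `includeSubDomains` also pins every subdomain of the served name to HTTPS for the full max-age, so a comment like `# HSTS: every subdomain of this host must serve valid HTTPS` would tell the next editor what was verified before this was switched on.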