Update nginx to 1.17.3, enable TLS 1.3

Uses the current intermediate recommended config from
https://ssl-config.mozilla.org

Closes #92

site-cookbooks/kosmos-nginx/recipes/default.rb

@@ -44,6 +44,13 @@ node.override['nginx']['repo_source'] = 'nginx' # Install from official repo
 node.override['nginx']['upstream_repository'] = "http://nginx.org/packages/mainline/#{node['platform']}"
 include_recipe 'nginx'
 
+# Override the nginx package resource to set a specific version, allowing
+# to upgrade it
+edit_resource!(:package, 'nginx') do
+  version "1.17.3-1~#{node['lsb']['codename']}"
+  notifies :reload, 'ohai[reload_nginx]', :immediately
+end
+
 # Generate Strong Diffie-Hellman Group (increases security)
 # https://weakdh.org/sysadmin.html
 openssl_dhparam "/etc/ssl/private/dhparams.pem" do