From 49e5cb311e28654e987f36f3759bc25a7997a90c Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 8 Jul 2020 16:05:48 -0400
Subject: [PATCH] [fix][WIP] set ssl cert for redirect 443 server block

---
 salt/nginx/etc/nginx.conf | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index 0d58eeeb7..f4502d950 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -67,9 +67,16 @@ http {
 	}
 
 	server {
-		listen 443 default_server;
+		listen 443 ssl http2 default_server;
 		server_name _;
 		return 301 https://{{ url_base }}$request_uri;
+
+		ssl_certificate "/etc/pki/nginx/server.crt";
+		ssl_certificate_key "/etc/pki/nginx/server.key";
+		ssl_session_cache shared:SSL:1m;
+		ssl_session_timeout  10m;
+		ssl_ciphers HIGH:!aNULL:!MD5;
+		ssl_prefer_server_ciphers on;
 	}
 
 	server {