defaults/main.yml

---
hsts_max_age: 300 #for staging and safty reasons(it's a one-way ticket) 5minutes, you should consider to set 2 years(63072000)
letsencrypt_staging: false
default_url: https://github.com/stuvusIT/reverse_proxy
server_names_hash_bucket_size: 64
default_cert_mode: '0400'
default_cert_group: root
default_cert_owner: root
reverse_proxy_use_dhparam: True
reverse_proxy_dhparam_path: /etc/ssl/dhparam.pem
reverse_proxy_dhparam_size: 2048
reverse_proxy_dhparam_max_age: 5184000  # 60 days
reverse_proxy_ssl_session_timeout: 1d
reverse_proxy_ssl_session_cache: shared:SSL:10m
reverse_proxy_ssl_session_tickets: False
reverse_proxy_ssl_protocols:
  - TLSv1.2
  - TLSv1.3
reverse_proxy_ssl_ciphers:
  - ECDHE-ECDSA-AES128-GCM-SHA256
  - ECDHE-RSA-AES128-GCM-SHA256
  - ECDHE-ECDSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-GCM-SHA384
  - ECDHE-ECDSA-CHACHA20-POLY1305
  - ECDHE-RSA-CHACHA20-POLY1305
  - DHE-RSA-AES128-GCM-SHA256
  - DHE-RSA-AES256-GCM-SHA384
reverse_proxy_ssl_prefer_server_ciphers: True
reverse_proxy_ssl_stapling: True
reverse_proxy_default_proxy_ssl_verify: False
reverse_proxy_redirect_to_first_domain: True
reverse_proxy_redirect_to_first_domain_code: 302
reverse_proxy_redirect_code: 302
reverse_proxy_https_redirect_code: 302
reverse_proxy_error_log: /var/log/nginx/error.log
reverse_proxy_upstreams: {}
reverse_proxy_cache_paths: {}
reverse_proxy_additional_http_locations: {}
reverse_proxy_keep_until_expiring: True
reverse_proxy_force_renew: False
reverse_proxy_additional_config: ''
default_crypto: true
client_max_body_size: 1m
domain_suffixes:
  - ""
domain_prefixes:
  - ""