chore: updated security.conf

templates/security.conf.j2

@@ -1,6 +1,23 @@
 #jinja2: lstrip_blocks: True
 # {{ ansible_managed }}
 
+# SSL Settings
+# generated 2025-01-07, Mozilla Guideline v5.7, nginx 1.22.1 (UNSUPPORTED; end-of-life), OpenSSL 3.0.15, modern config
+# https://ssl-config.mozilla.org/#server=nginx&version=1.22.1&config=modern&openssl=3.0.15&guideline=5.7
+# modern configuration
+ssl_protocols TLSv1.3;
+ssl_ecdh_curve X25519:prime256v1:secp384r1;
+ssl_prefer_server_ciphers off;
+
+ssl_session_tickets off;
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+
+# replace with the IP address of your resolver
+resolver 127.0.0.1;
+
 # Rate limiting
 # https://blog.nginx.org/blog/rate-limiting-nginx
 # https://www.techgrube.de/news-und-infos/nginx-rate-limiting-einstellungen-und-funktion