Setting ssl configuration as per recommendation (#170)

* Setting ssl configuration as per recommendation

* removing duplicate entries

reverse-proxy/content/nginx.conf

@@ -30,14 +30,19 @@ http {
     access_log /app/logs/access.log  upstreaminfo;
     error_log  /app/logs/error.log;
 
+    ssl_protocols               TLSv1.2;
+
     server {
-        listen              10080;
-        listen              10443 ssl;
-        ssl                 on;
-        server_name         reverseproxy 127.0.0.1;
-        ssl_certificate     /app/certs/tls.crt;
-        ssl_certificate_key /app/certs/tls.key;
-        ssl_protocols       TLSv1.2;
+        listen                      10080;
+        listen                      10443 ssl;
+        ssl                         on;
+        ssl_ciphers                 ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA;
+        ssl_prefer_server_ciphers   on;
+        server_name                 reverseproxy 127.0.0.1;
+        ssl_certificate             /app/certs/tls.crt;
+        ssl_certificate_key         /app/certs/tls.key;
+
+        add_header                  Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
         # Disable caching behavior for now
         # TODO: enable cache for static content later