improve nginx security

roles/webserver/templates/nginx.conf

@@ -43,7 +43,6 @@ http {
         proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
 	    proxy_set_header    Upgrade $http_upgrade;
 	    proxy_set_header    Connection $http_connection;
-        client_max_body_size    8G;
         client_body_buffer_size 128k;
         proxy_connect_timeout   90;
         proxy_send_timeout 120;
@@ -53,6 +52,7 @@ http {
         proxy_busy_buffers_size    256k;
         proxy_buffering    off;
         proxy_request_buffering off;
+        server_tokens off;
 
         server {
 
@@ -69,6 +69,9 @@ http {
             server_name {{ server.domain }};
             ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
             ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+            {%- if server.bigrequests %}
+            client_max_body_size    8G;
+            {%- endif %}
             location /{
                 proxy_pass  http://127.0.0.1:{{ server.port }};
             }