From 8623510f8c130e3e7377a497f272efd1bf8eb776 Mon Sep 17 00:00:00 2001
From: bunkerity
Date: Fri, 30 Oct 2020 10:56:41 +0100
Subject: [PATCH] https fix

---
 confs/https.conf | 2 ++
 entrypoint.sh | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/confs/https.conf b/confs/https.conf
index 5e9c91b..5fddfb8 100644
--- a/confs/https.conf
+++ b/confs/https.conf
@@ -4,6 +4,8 @@ ssl_certificate_key %HTTPS_KEY%;
 ssl_protocols %HTTPS_PROTOCOLS%;
 ssl_prefer_server_ciphers off;
 ssl_session_tickets off;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
 %STRICT_TRANSPORT_SECURITY%
 %SSL_DHPARAM%
 %SSL_CIPHERS%
diff --git a/entrypoint.sh b/entrypoint.sh
index 315638a..1f682b6 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -263,7 +263,7 @@ if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GE
 replace_in_file "/etc/nginx/https.conf" "%HTTP2%" ""
 fi
 replace_in_file "/etc/nginx/https.conf" "%HTTPS_PROTOCOLS%" "$HTTPS_PROTOCOLS"
- if [ "$(echo $lel | grep TLSv1.2)" != "" ] ; then
+ if [ "$(echo $HTTPS_PROTOCOLS | grep TLSv1.2)" != "" ] ; then
 replace_in_file "/etc/nginx/https.conf" "%SSL_DHPARAM%" "ssl_dhparam /etc/nginx/dhparam;"
 replace_in_file "/etc/nginx/https.conf" "%SSL_CIPHERS%" "ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;"
 else
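Review bot: The two directives added to confs/https.conf carry no comment on the trade-off they introduce: with `ssl_session_timeout 1d;` the shared cache keeps resumable session state in worker memory for up to a day, which widens the window in which a memory disclosure on the server could affect sessions that are still cached. I would add a comment above them such as `# session-ID resumption only (tickets stay off); 10m holds roughly 40k sessions, each resumable for 1d`. The timeout is also hard-coded while the neighbouring values are `%...%` placeholders, so an operator who wants a shorter lifetime has to edit the template; a placeholder defaulting to `1d` would keep the current behaviour.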
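Review bot: The corrected test in entrypoint.sh still expands `$HTTPS_PROTOCOLS` unquoted and matches it with a regex in which `.` is a wildcard, so the branch that selects `ssl_dhparam` and the TLS 1.2 cipher list depends on word splitting and a loose pattern. A fixed-string check is tighter: `if printf '%s\n' "$HTTPS_PROTOCOLS" | grep -qF 'TLSv1.2' ; then`. The bug being fixed was an undefined `$lel` silently expanding to empty; if the rest of the script tolerates it, `set -u` near the top would turn that class of typo into a startup error instead of a silently different TLS configuration. The `if` block continues past the end of the hunk, so the `else` branch is not visible here.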