Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

https fix

Browse Source
This commit is contained in:
bunkerity 2020-10-30 10:56:41 +01:00
parent 95a76b11fa
commit 8623510f8c
No known key found for this signature in database
GPG Key ID: 654FFF51CEF7CC47
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
confs/https.conf
View File

@ -4,6 +4,8 @@ ssl_certificate_key %HTTPS_KEY%;
ssl_protocols %HTTPS_PROTOCOLS%; ssl_protocols %HTTPS_PROTOCOLS%;
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
ssl_session_tickets off; ssl_session_tickets off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
%STRICT_TRANSPORT_SECURITY% %STRICT_TRANSPORT_SECURITY%
%SSL_DHPARAM% %SSL_DHPARAM%
%SSL_CIPHERS% %SSL_CIPHERS%

2
entrypoint.sh
View File

@ -263,7 +263,7 @@ if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GE
replace_in_file "/etc/nginx/https.conf" "%HTTP2%" "" replace_in_file "/etc/nginx/https.conf" "%HTTP2%" ""
fi fi
replace_in_file "/etc/nginx/https.conf" "%HTTPS_PROTOCOLS%" "$HTTPS_PROTOCOLS" replace_in_file "/etc/nginx/https.conf" "%HTTPS_PROTOCOLS%" "$HTTPS_PROTOCOLS"
if [ "$(echo $lel | grep TLSv1.2)" != "" ] ; then if [ "$(echo $HTTPS_PROTOCOLS | grep TLSv1.2)" != "" ] ; then
replace_in_file "/etc/nginx/https.conf" "%SSL_DHPARAM%" "ssl_dhparam /etc/nginx/dhparam;" replace_in_file "/etc/nginx/https.conf" "%SSL_DHPARAM%" "ssl_dhparam /etc/nginx/dhparam;"
replace_in_file "/etc/nginx/https.conf" "%SSL_CIPHERS%" "ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;" replace_in_file "/etc/nginx/https.conf" "%SSL_CIPHERS%" "ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;"
else else