peterkimzz integration and dhparam
This commit is contained in:
parent
b0e4740a7d
commit
95a76b11fa
|
@ -0,0 +1,8 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||||
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||||
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||||
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||||
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||||
ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
|
||||
-----END DH PARAMETERS-----
|
|
@ -5,3 +5,5 @@ ssl_protocols %HTTPS_PROTOCOLS%;
|
|||
ssl_prefer_server_ciphers off;
|
||||
ssl_session_tickets off;
|
||||
%STRICT_TRANSPORT_SECURITY%
|
||||
%SSL_DHPARAM%
|
||||
%SSL_CIPHERS%
|
||||
|
|
|
@ -84,7 +84,7 @@ BLOCK_PROXIES="${BLOCK_PROXIES-yes}"
|
|||
BLOCK_ABUSERS="${BLOCK_ABUSERS-yes}"
|
||||
AUTO_LETS_ENCRYPT="${AUTO_LETS_ENCRYPT-no}"
|
||||
HTTP2="${HTTP2-yes}"
|
||||
HTTPS_PROTOCOLS="${HTTPS_PROTOCOLS-TLSv1.3}"
|
||||
HTTPS_PROTOCOLS="${HTTPS_PROTOCOLS-TLSv1.2 TLSv1.3}"
|
||||
STRICT_TRANSPORT_SECURITY="${STRICT_TRANSPORT_SECURITY-max-age=31536000}"
|
||||
USE_MODSECURITY="${USE_MODSECURITY-yes}"
|
||||
USE_MODSECURITY_CRS="${USE_MODSECURITY_CRS-yes}"
|
||||
|
@ -262,10 +262,13 @@ if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GE
|
|||
else
|
||||
replace_in_file "/etc/nginx/https.conf" "%HTTP2%" ""
|
||||
fi
|
||||
if [ "$HTTPS_PROTOCOLS" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/https.conf" "%HTTPS_PROTOCOLS%" "$HTTPS_PROTOCOLS"
|
||||
replace_in_file "/etc/nginx/https.conf" "%HTTPS_PROTOCOLS%" "$HTTPS_PROTOCOLS"
|
||||
if [ "$(echo $lel | grep TLSv1.2)" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/https.conf" "%SSL_DHPARAM%" "ssl_dhparam /etc/nginx/dhparam;"
|
||||
replace_in_file "/etc/nginx/https.conf" "%SSL_CIPHERS%" "ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;"
|
||||
else
|
||||
replace_in_file "/etc/nginx/https.conf" "%HTTPS_PROTOCOLS%" ""
|
||||
replace_in_file "/etc/nginx/https.conf" "%SSL_DHPARAM%" ""
|
||||
replace_in_file "/etc/nginx/https.conf" "%SSL_CIPHERS%" ""
|
||||
fi
|
||||
if [ "$STRICT_TRANSPORT_SECURITY" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/https.conf" "%STRICT_TRANSPORT_SECURITY%" "more_set_headers 'Strict-Transport-Security: $STRICT_TRANSPORT_SECURITY';"
|
||||
|
|
Loading…
Reference in New Issue