[New Features]
- Added the "HTTPS_PROTOCOLS" environment variable to allow customizing the TLS version. The default value is "TLSv1.3" (TLSv1.2 is sometimes needed). - README.md
parent
e843608575
commit
b0e4740a7d
|
@ -364,6 +364,10 @@ Values : *yes* | *no*
|
|||
Default value : *yes*
|
||||
If set to yes, nginx will use HTTP2 protocol when HTTPS is enabled.
|
||||
|
||||
`HTTPS_PROTOCOLS`
|
||||
Values : *TLSv1.2* | *TLSv1.3* | *TLSv1.2 TLSv1.3*
|
||||
Default value : *TLSv1.2 TLSv1.3*
|
||||
|
||||
## ModSecurity
|
||||
|
||||
`USE_MODSECURITY`
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
listen 0.0.0.0:8443 ssl %HTTP2%;
|
||||
ssl_certificate %HTTPS_CERT%;
|
||||
ssl_certificate_key %HTTPS_KEY%;
|
||||
ssl_protocols TLSv1.3;
|
||||
ssl_protocols %HTTPS_PROTOCOLS%;
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_session_tickets off;
|
||||
%STRICT_TRANSPORT_SECURITY%
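Review bot: No `ssl_ciphers` directive is visible in the seven lines of this hunk, so once `%HTTPS_PROTOCOLS%` can expand to include TLSv1.2, those connections would negotiate from nginx's built-in default cipher list, with the client's preference winning because of `ssl_prefer_server_ciphers off;`. The previous hard-coded `ssl_protocols TLSv1.3;` did not depend on this, because the TLSv1.3 suites are not governed by `ssl_ciphers`. If the template does not already set one further down (the rest of the file is outside the hunk), add an explicit ECDHE/AEAD-only list next to `ssl_protocols`, for example `ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;`.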
|
||||
|
|
|
@ -84,6 +84,7 @@ BLOCK_PROXIES="${BLOCK_PROXIES-yes}"
|
|||
BLOCK_ABUSERS="${BLOCK_ABUSERS-yes}"
|
||||
AUTO_LETS_ENCRYPT="${AUTO_LETS_ENCRYPT-no}"
|
||||
HTTP2="${HTTP2-yes}"
|
||||
HTTPS_PROTOCOLS="${HTTPS_PROTOCOLS-TLSv1.3}"
|
||||
STRICT_TRANSPORT_SECURITY="${STRICT_TRANSPORT_SECURITY-max-age=31536000}"
|
||||
USE_MODSECURITY="${USE_MODSECURITY-yes}"
|
||||
USE_MODSECURITY_CRS="${USE_MODSECURITY_CRS-yes}"
|
||||
|
@ -261,6 +262,11 @@ if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GE
|
|||
else
|
||||
replace_in_file "/etc/nginx/https.conf" "%HTTP2%" ""
|
||||
fi
|
||||
if [ "$HTTPS_PROTOCOLS" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/https.conf" "%HTTPS_PROTOCOLS%" "$HTTPS_PROTOCOLS"
|
||||
else
|
||||
replace_in_file "/etc/nginx/https.conf" "%HTTPS_PROTOCOLS%" ""
|
||||
fi
|
||||
if [ "$STRICT_TRANSPORT_SECURITY" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/https.conf" "%STRICT_TRANSPORT_SECURITY%" "more_set_headers 'Strict-Transport-Security: $STRICT_TRANSPORT_SECURITY';"
|
||||
else
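Review bot: The `else` branch of the new `HTTPS_PROTOCOLS` check substitutes an empty string for `%HTTPS_PROTOCOLS%`, which leaves `ssl_protocols ;` in /etc/nginx/https.conf, a directive with no argument that nginx will reject at startup. The non-empty branch copies the value into the config verbatim, so a typo or a value such as `TLSv1 TLSv1.1` is accepted without complaint and can silently re-enable deprecated protocol versions. Checking the value against the three choices the README documents before substituting closes both gaps; whether to abort or fall back to `TLSv1.3` on a bad value is a project decision. Separately, the default added in the first hunk of this file is `TLSv1.3` while the README hunk documents `TLSv1.2 TLSv1.3`, so one of the two should be corrected. The enclosing `if` block starts and ends outside this hunk.

```shell
# … unchanged: %HTTP2% substitution …
# Accept only the documented protocol sets so a bad value never reaches nginx.
case "$HTTPS_PROTOCOLS" in
	"TLSv1.2" | "TLSv1.3" | "TLSv1.2 TLSv1.3")
		replace_in_file "/etc/nginx/https.conf" "%HTTPS_PROTOCOLS%" "$HTTPS_PROTOCOLS"
		;;
	*)
		echo "HTTPS_PROTOCOLS must be 'TLSv1.2', 'TLSv1.3' or 'TLSv1.2 TLSv1.3' (got: '$HTTPS_PROTOCOLS')" >&2
		exit 1
		;;
esac
# … unchanged: STRICT_TRANSPORT_SECURITY substitution …
```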
|
||||
|
|