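{#
  Custom-certificate TLS settings for a stream server.
  Output is produced only when USE_CUSTOM_SSL is "yes" and a complete
  cert.pem/key.pem pair exists under /var/cache/bunkerweb/customcert,
  either in the SERVER_NAME sub-directory or at the top level.
#}
{% set os_path = import("os.path") %}

{% if USE_CUSTOM_SSL == "yes" %}
{#
  NOTE(review): SERVER_NAME is concatenated into a filesystem path as-is.
  This assumes the setting holds a single, path-safe host name - confirm
  against how the value is validated before it reaches this template.
#}
{% set server_cert = "/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/cert.pem" %}
{% set server_key = "/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/key.pem" %}
{% set has_server_pair = os_path.isfile(server_cert) and os_path.isfile(server_key) %}
{% set has_global_pair = os_path.isfile("/var/cache/bunkerweb/customcert/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/key.pem") %}
{% if has_server_pair or has_global_pair +%}

# listen
listen 0.0.0.0:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% endif %}{% if USE_PROXY_PROTOCOL == "yes" %} proxy_protocol {% endif %};
{% if USE_IPV6 == "yes" +%}
listen [::]:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% endif %}{% if USE_PROXY_PROTOCOL == "yes" %} proxy_protocol {% endif %};
{% endif %}

# TLS config
{#
  Certificate and key are selected as a pair. Choosing each file on its own
  would combine a per-server certificate with the top-level key (or the
  reverse) whenever only one of the per-server files is present, and nginx
  rejects a certificate whose private key does not match it.
  The per-server pair wins when it is complete; otherwise the top-level pair,
  which the enclosing condition guarantees to be complete, is used.
#}
{% if has_server_pair %}
ssl_certificate /var/cache/bunkerweb/customcert/{{ SERVER_NAME }}/cert.pem;
ssl_certificate_key /var/cache/bunkerweb/customcert/{{ SERVER_NAME }}/key.pem;
{% else %}
ssl_certificate /var/cache/bunkerweb/customcert/cert.pem;
ssl_certificate_key /var/cache/bunkerweb/customcert/key.pem;
{% endif %}
ssl_protocols {{ SSL_PROTOCOLS }};
ssl_prefer_server_ciphers on;
{# Session tickets are off; resumption relies on the shared 10m cache with a 1d timeout. #}
ssl_session_tickets off;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSLStream:10m;
{# The DH parameters and this cipher list are emitted only when TLSv1.2 is enabled; every suite listed is an AEAD suite with (EC)DHE key exchange. #}
{% if "TLSv1.2" in SSL_PROTOCOLS +%}
ssl_dhparam /etc/nginx/dhparam;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
{% endif %}

{% endif %}
{% endif %}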