Mirrored_Repos/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/jc21/nginx-proxy-manager.git synced 2024-08-30 18:22:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Apply fixes from v2

Browse Source
This commit is contained in:
Jamie Curnow 2023-07-24 08:08:05 +10:00
parent 001583b308
commit 9b32329f41
No known key found for this signature in database
GPG Key ID: FFBB624C43388E9E
3 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docker/rootfs/etc/nginx/conf.d/default.conf
View File

@ -16,6 +16,7 @@ server {
server { server {
listen 443 ssl default; listen 443 ssl default;
server_name localhost; server_name localhost;
include conf.d/include/ssl-ciphers.conf;
include conf.d/include/block-exploits.conf; include conf.d/include/block-exploits.conf;
access_log /data/logs/default.log proxy; access_log /data/logs/default.log proxy;
ssl_reject_handshake on; ssl_reject_handshake on;

6
docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
View File

@ -3,7 +3,5 @@ ssl_session_cache shared:SSL:50m;
# intermediate configuration. tweak to your needs. # intermediate configuration. tweak to your needs.
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'EECDH+AESGCM:AES256+EECDH:AES256+EDH:EDH+AESGCM:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE- ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AE ssl_prefer_server_ciphers off;
S128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES';
ssl_prefer_server_ciphers on;

4
docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv46.sh
View File

@ -32,7 +32,7 @@ process_folder () {
for FILE in $FILES for FILE in $FILES
do do
echo " - ${FILE}" echo " - ${FILE}"
sed -E -i "$SED_REGEX" "$FILE" || true echo "$(sed -E "$SED_REGEX" "$FILE")" > $FILE
done done
# IPV6 ... # IPV6 ...
@ -47,7 +47,7 @@ process_folder () {
for FILE in $FILES for FILE in $FILES
do do
echo " - ${FILE}" echo " - ${FILE}"
sed -E -i "$SED_REGEX" "$FILE" || true echo "$(sed -E "$SED_REGEX" "$FILE")" > $FILE
done done
# ensure the files are still owned by the npm user # ensure the files are still owned by the npm user