mirror of
https://github.com/jc21/nginx-proxy-manager.git
synced 2024-08-30 18:22:48 +00:00
81054631f9
nginx only uses the `ssl_protocols` directive in the `server{}` block of the first processed host config, which is the default config in `/etc/nginx/conf.d/default.conf`. in version `v2.9.20` the default ssl site was dropped by using `ssl_reject_handshake on` in the default host config. but beside the include of `conf.d/include/ssl-ciphers.conf` was removed from the default host config. that's why `tlsv1.3` isn't applied by default anymore, same thing with the defined cipher suites. npm is so broken since `2023-03-16`.
commit that broke the config -> a7f0c3b730
40 lines
929 B
Plaintext
40 lines
929 B
Plaintext
# "You are not configured" page, which is the default if another default doesn't exist
|
|
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
|
|
set $forward_scheme "http";
|
|
set $server "127.0.0.1";
|
|
set $port "80";
|
|
|
|
server_name localhost-nginx-proxy-manager;
|
|
access_log /data/logs/fallback_access.log standard;
|
|
error_log /data/logs/fallback_error.log warn;
|
|
include conf.d/include/assets.conf;
|
|
include conf.d/include/block-exploits.conf;
|
|
include conf.d/include/letsencrypt-acme-challenge.conf;
|
|
|
|
location / {
|
|
index index.html;
|
|
root /var/www/html;
|
|
}
|
|
}
|
|
|
|
# First 443 Host, which is the default if another default doesn't exist
|
|
server {
|
|
listen 443 ssl;
|
|
listen [::]:443 ssl;
|
|
|
|
set $forward_scheme "https";
|
|
set $server "127.0.0.1";
|
|
set $port "443";
|
|
|
|
server_name localhost;
|
|
access_log /data/logs/fallback_access.log standard;
|
|
error_log /dev/null crit;
|
|
include conf.d/include/ssl-ciphers.conf;
|
|
ssl_reject_handshake on;
|
|
|
|
return 444;
|
|
}
|