ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-03 16:03:38 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

dep updates/header changes/tls changes

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>

- dep updates
- upodate nginx/certbot
- improve headers
- change NPM to NPMplus in launch.sh
- when using https backend, only TLSv1 to TLSv1.3 is now allowed, whith secure ciphers
This commit is contained in:
renovate[bot]
2023-10-12 01:35:04 +00:00
committed by Zoey
parent 36298f284d
commit 8987ff9c6d
14 changed files with 44 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
backend/templates/_hsts.conf
View File

@@ -1,7 +1,19 @@
{% if certificate and certificate_id > 0 -%}
{% if ssl_forced == 1 or ssl_forced == true %}
{% if hsts_enabled == 1 or hsts_enabled == true %}
more_clear_headers "Expect-CT";
include conf.d/include/hsts.conf;
{% endif %}
{% endif %}
{% endif %}
{% unless certificate and certificate_id > 0 -%}
{% unless ssl_forced == 1 or ssl_forced == true %}
{% unless hsts_enabled == 1 or hsts_enabled == true %}
more_clear_headers "Content-Security-Policy";
more_clear_headers "Expect-CT";
more_clear_headers "Strict-Transport-Security";
{% endunless %}
{% endunless %}
{% endunless %}

5
backend/templates/_listen.conf
View File

@@ -10,7 +10,10 @@
listen 443 quic;
listen [::]:443 quic;
add_header Alt-Svc 'h3=":443"; ma=86400';
more_set_headers "Alt-Svc: h3=':443'; ma=86400";
{% endif %}
{% endif %}
{% unless hsts_subdomains %}
more_clear_headers "Alt-Svc";
{% endunless %}
server_name {{ domain_names | join: " " }};