dep updates/header changes/tls changes

Signed-off-by: Zoey <zoey@z0ey.de>

- dep updates
- upodate nginx/certbot
- improve headers
- change NPM to NPMplus in launch.sh
- when using https backend, only TLSv1 to TLSv1.3 is now allowed, whith secure ciphers
This commit is contained in:
renovate[bot]
2023-10-12 01:35:04 +00:00
committed by Zoey
parent 36298f284d
commit 8987ff9c6d
14 changed files with 44 additions and 26 deletions

View File

@@ -4,5 +4,4 @@ more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
more_set_headers "Content-Security-Policy: upgrade-insecure-requests";
more_set_headers "Expect-CT: enforce; max-age=86400";
more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";

View File

@@ -6,7 +6,9 @@ proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1 SSLv3 SSLv2;
proxy_http_version 1.1;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
proxy_http_version 1.1;
proxy_hide_header Upgrade;
proxy_pass $forward_scheme://$server:$port$request_uri;

View File

@@ -7,6 +7,6 @@ ssl_session_tickets off;
ssl_dhparam /etc/tls/dhparam;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1.3 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;