mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-08-02 15:33:32 +00:00
dep updates/header changes/tls changes
Signed-off-by: Zoey <zoey@z0ey.de> - dep updates - upodate nginx/certbot - improve headers - change NPM to NPMplus in launch.sh - when using https backend, only TLSv1 to TLSv1.3 is now allowed, whith secure ciphers
This commit is contained in:
@@ -4,5 +4,4 @@ more_set_headers "X-Content-Type-Options: nosniff";
|
||||
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
|
||||
more_set_headers "Content-Security-Policy: upgrade-insecure-requests";
|
||||
|
||||
more_set_headers "Expect-CT: enforce; max-age=86400";
|
||||
more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";
|
@@ -6,7 +6,9 @@ proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1 SSLv3 SSLv2;
|
||||
proxy_http_version 1.1;
|
||||
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_hide_header Upgrade;
|
||||
proxy_pass $forward_scheme://$server:$port$request_uri;
|
||||
|
@@ -7,6 +7,6 @@ ssl_session_tickets off;
|
||||
ssl_dhparam /etc/tls/dhparam;
|
||||
|
||||
# intermediate configuration. tweak to your needs.
|
||||
ssl_protocols TLSv1.3 TLSv1.2;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
Reference in New Issue
Block a user