lee/caprover
1
0
Fork 0
mirror of https://github.com/caprover/caprover synced 2025-10-30 10:07:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Enforce the same TLS settings for all TLS vhosts

Browse Source 
The default TLS settings (disabling tls1.0 and 1.1) chosen by CapRover should be applied to the catchall virtualhost as well as the embedded registry.
This commit is contained in:
Jeffrey Paul
2020-02-05 03:28:17 -08:00
committed by GitHub
parent d09b6e2f3c
commit 0f6cf799f9
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
template/root-nginx-conf.ejs
View File

@@ -9,6 +9,11 @@
listen 443 ssl;
ssl_certificate <%-fake.crtPath%>;
ssl_certificate_key <%-fake.keyPath%>;
# Mozilla Intermediate configuration. tweak to your needs.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
server_name _;
@@ -117,6 +122,11 @@
listen 443 ssl;
ssl_certificate <%-registry.crtPath%>;
ssl_certificate_key <%-registry.keyPath%>;
# Mozilla Intermediate configuration. tweak to your needs.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
<%
}
%>