Moved SSL tags to http context to avoid duplicating

2025-10-30 10:07:01 +00:00 · 2020-06-16 20:27:34 -04:00
parent a966112d31
commit f896eef1cf
3 changed files with 9 additions and 29 deletions
--- a/template/base-nginx-conf.ejs
+++ b/template/base-nginx-conf.ejs
@@ -38,6 +38,15 @@ http {

    server_names_hash_bucket_size 128;

+    ssl_session_cache   shared:SSL:20m;
+    ssl_session_timeout 1d;
+    ssl_session_tickets off;
+
+    # Mozilla Intermediate configuration. tweak to your needs.
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
    # Don't emit NGINX version on error pages and in the “Server” response header field.
    server_tokens off;

--- a/template/root-nginx-conf.ejs
+++ b/template/root-nginx-conf.ejs
@@ -9,11 +9,6 @@
        listen              443 ssl;
        ssl_certificate     <%-fake.crtPath%>;
        ssl_certificate_key <%-fake.keyPath%>;
-        
-        # Mozilla Intermediate configuration. tweak to your needs.
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-        ssl_prefer_server_ciphers off;

        server_name  _;

@@ -54,15 +49,6 @@
        ssl_certificate     <%-captain.crtPath%>;
        ssl_certificate_key <%-captain.keyPath%>;

-        ssl_session_cache   shared:SSL:20m;
-        ssl_session_timeout 1d;
-        ssl_session_tickets off;
-
-
-        # Mozilla Intermediate configuration. tweak to your needs.
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-        ssl_prefer_server_ciphers off;
    <%
        }
    %>
@@ -122,11 +108,6 @@
        listen              443 ssl;
        ssl_certificate     <%-registry.crtPath%>;
        ssl_certificate_key <%-registry.keyPath%>;
-        
-        # Mozilla Intermediate configuration. tweak to your needs.
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-        ssl_prefer_server_ciphers off;
    <%
        }
    %>
--- a/template/server-block-conf.ejs
+++ b/template/server-block-conf.ejs
@@ -39,16 +39,6 @@ server {
        listen              443 ssl http2;
        ssl_certificate     <%-s.crtPath%>;
        ssl_certificate_key <%-s.keyPath%>;
-
-        ssl_session_cache   shared:SSL:20m;
-        ssl_session_timeout 1d;
-        ssl_session_tickets off;
-
-
-        # Mozilla Intermediate configuration. tweak to your needs.
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-        ssl_prefer_server_ciphers off;
    <%
    }
    %>