Work_Archive/VPS-scripts_Web-V2
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases 11 Wiki Activity

Updated SSL settings and installation methode

Browse Source
This commit is contained in:
Bram Prieshof
2020-08-07 16:21:58 +02:00
parent 208a7eca53
commit 5f27c5cba1
13 changed files with 114 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
CoreModules/nginx/config/nginx/nginx-default.conf
View File

@@ -28,17 +28,6 @@ http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
ssl_ecdh_curve secp384r1;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options sameorigin;
add_header X-Content-Type-Options nosniff;
add_header X-Xss-Protection "1; mode=block";
#access_log /var/log/nginx/access.log;
access_log off;
error_log /var/log/nginx/error.log;

24
CoreModules/nginx/config/nginx/site_ssl-unconfigured Normal file
View File

@@ -0,0 +1,24 @@
server {
listen 80;
listen [::]:80;
server_name DOMAINname;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name DOMAINname;
ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem;
include ../snippets/ngx-ssl.conf;
#ConfHere
}

18
CoreModules/nginx/config/nginx/site_ssl-wwwredir Normal file
View File

@@ -0,0 +1,18 @@
server {
#www.domain > domain redirect
listen 80;
listen [::]:80;
server_name www.DOMAINname;
return 301 http://DOMAINname$request_uri;
}
server {
#SSL www.domain > domain redirect
listen 443 ssl;
listen [::]:443 ssl;
server_name www.DOMAINname;
ssl_certificate /etc/letsencrypt/live/DOMAINname/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAINname/privkey.pem;
include ../snippets/ngx-ssl.conf;
return 301 https://DOMAINname$request_uri;
}

10
CoreModules/nginx/config/nginx/snippets-ssl.conf Normal file
View File

@@ -0,0 +1,10 @@
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
add_header X-Frame-Options sameorigin;
add_header X-Content-Type-Options nosniff;
add_header X-Xss-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;