Use strong ciphers for proxies
parent
662d06a701
commit
71a7618b1c
@ -9,6 +9,14 @@ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-EC
|
|||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_conf_command Options PrioritizeChaCha;
|
ssl_conf_command Options PrioritizeChaCha;
|
||||||
|
|
||||||
|
# Use strong ciphers for proxies
|
||||||
|
proxy_ssl_verify on;
|
||||||
|
proxy_ssl_server_name on;
|
||||||
|
proxy_ssl_session_reuse on;
|
||||||
|
proxy_ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
proxy_ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;
|
||||||
|
proxy_ssl_conf_command Options PrioritizeChaCha;
|
||||||
|
|
||||||
## Configure ssl session cache
|
## Configure ssl session cache
|
||||||
## Improves performance but we don't wanna keep this forever
|
## Improves performance but we don't wanna keep this forever
|
||||||
## Session ticket creation and rotation is handled by GrapheneOS's scripts:
|
## Session ticket creation and rotation is handled by GrapheneOS's scripts:
|
||||||
@ -22,11 +30,6 @@ ssl_session_ticket_key session-ticket-keys/3.key;
|
|||||||
ssl_session_ticket_key session-ticket-keys/2.key;
|
ssl_session_ticket_key session-ticket-keys/2.key;
|
||||||
ssl_session_ticket_key session-ticket-keys/1.key;
|
ssl_session_ticket_key session-ticket-keys/1.key;
|
||||||
|
|
||||||
## Enable HSTS header
|
|
||||||
|
|
||||||
proxy_hide_header Strict-Transport-Security;
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
||||||
|
|
||||||
## The following settings need to be declared manually per vhost:
|
## The following settings need to be declared manually per vhost:
|
||||||
## ssl_certificate
|
## ssl_certificate
|
||||||
## ssl_certificate_key
|
## ssl_certificate_key
|
||||||
|
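Review bot: In the first hunk, `proxy_ssl_verify on;` is added with no `proxy_ssl_trusted_certificate` next to it, and verification needs a CA bundle to check the upstream chain against. Unless that directive is set elsewhere in the file or per vhost (not visible here), nginx is expected to reject the configuration or fail every upstream handshake. I would add `proxy_ssl_trusted_certificate <path-to-upstream-CA-bundle>;` and consider `proxy_ssl_verify_depth 2;`, since the default depth of 1 can be too shallow for chains with an intermediate. Separately, `proxy_ssl_ciphers` lists only ECDHE-ECDSA suites, so a TLS 1.2 upstream that presents an RSA certificate will not negotiate; a short comment stating that upstreams must use ECDSA certificates or TLS 1.3 would make that intent explicit.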