Commit 66cdb1f

committed
use default proxy tls settings
Signed-off-by: Zoey <[email protected]>
1 parent b091ad0 commit 66cdb1f

3 files changed

+4
-10
lines changed

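--- a/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf
@@ -2,6 +2,6 @@ more_set_headers "X-XSS-Protection: 0";
 more_set_headers "X-Frame-Options: SAMEORIGIN";
 more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
-more_set_headers "Content-Security-Policy: $content_security_policy";
+more_set_headers "Content-Security-Policy: $content_security_policy"; # if not set by upstream: upgrade-insecure-requests, else upstreams value is used
 
-more_set_headers "Strict-Transport-Security: $hsts_header";
+more_set_headers "Strict-Transport-Security: $hsts_header"; # means: max-age=63072000; includeSubDomains; preload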
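Review bot: The two trailing comments restate values that are assigned wherever `$content_security_policy` and `$hsts_header` are defined, which is outside this hunk, so they will go stale without warning if those definitions change. A pointer to the defining location ages better, for example `# value set in PLACEHOLDER_MAP_FILE; currently max-age=63072000; includeSubDomains; preload`. If that HSTS value is indeed sent for every proxied host, it is worth stating in the comment that `includeSubDomains; preload` is a deliberate default, because a preload commitment is slow to reverse once browsers have picked it up.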

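--- a/rootfs/usr/local/nginx/conf/conf.d/include/proxy-location.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/proxy-location.conf
@@ -6,8 +6,5 @@ proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header Accept-Encoding "";
 proxy_set_header Host $host;
 
-proxy_set_header Early-Data $ssl_early_data;
-proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
-
 proxy_http_version 1.1;
+proxy_set_header Early-Data $ssl_early_data;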
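Review bot: With `proxy_ssl_protocols` and `proxy_ssl_ciphers` removed here (and identically in proxy.conf), the TLS versions and ciphers offered to upstreams are no longer pinned by this file and instead follow whatever the bundled nginx and OpenSSL build default to. nginx's built-in `proxy_ssl_protocols` default has changed between releases and in older ones still includes TLSv1 and TLSv1.1, so this change only retires the legacy protocols if the shipped nginx is recent enough. If a modern floor is the intent, state it explicitly with `proxy_ssl_protocols TLSv1.2 TLSv1.3;`, or add a comment naming the nginx version whose defaults are being relied on. The rest of the include is outside the hunk; if `proxy_ssl_verify` is not enabled elsewhere, upstream certificates are not verified regardless of the protocol set.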

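--- a/rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf
+++ b/rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf
@@ -6,9 +6,6 @@ proxy_set_header X-Real-IP $remote_addr;
 #proxy_set_header Accept-Encoding "";
 proxy_set_header Host $host;
 
-proxy_set_header Early-Data $ssl_early_data;
-proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
-
 proxy_http_version 1.1;
+proxy_set_header Early-Data $ssl_early_data;
 proxy_pass $forward_scheme://$server:$port$request_uri;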
