www/nginx: include missing dh parameter file on 22.7
This commit is contained in:
parent
835f72cc23
commit
abf01bff99
|
@ -1,6 +1,6 @@
|
|||
PLUGIN_NAME= nginx
|
||||
PLUGIN_VERSION= 1.28
|
||||
PLUGIN_REVISION= 1
|
||||
PLUGIN_REVISION= 2
|
||||
PLUGIN_COMMENT= Nginx HTTP server and reverse proxy
|
||||
PLUGIN_DEPENDS= nginx
|
||||
PLUGIN_MAINTAINER= franz.fabian.94@gmail.com
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN DH PARAMETERS-----
|
||||
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||||
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||||
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||||
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||||
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||||
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
|
||||
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
|
||||
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
|
||||
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
|
||||
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
|
||||
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
|
||||
-----END DH PARAMETERS-----
|
|
@ -111,7 +111,7 @@ server {
|
|||
ssl_certificate_key /usr/local/etc/nginx/key/{{ single_servername }}.key;
|
||||
ssl_certificate /usr/local/etc/nginx/key/{{ single_servername }}.pem;
|
||||
ssl_protocols {{ server.tls_protocols.replace(',', ' ') }};
|
||||
ssl_dhparam /usr/local/etc/dh-parameters.4096;
|
||||
ssl_dhparam /usr/local/opnsense/data/OPNsense/Nginx/dh-parameters.4096.rfc7919;
|
||||
{% if server.tls_ciphers is defined and server.tls_ciphers != '' %}
|
||||
ssl_ciphers {{ server.tls_ciphers }};
|
||||
{% endif %}
|
||||
|
|
|
@ -75,7 +75,7 @@
|
|||
ssl_certificate_key /usr/local/etc/nginx/key/{{ server['@uuid'] }}.key;
|
||||
ssl_certificate /usr/local/etc/nginx/key/{{ server['@uuid'] }}.pem;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_dhparam /usr/local/etc/dh-parameters.4096;
|
||||
ssl_dhparam /usr/local/opnsense/data/OPNsense/Nginx/dh-parameters.4096.rfc7919;
|
||||
ssl_ciphers 'ECDHE-ECDSA-CAMELLIA256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CAMELLIA256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CAMELLIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CAMELLIA128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-AES128-SHA256';
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:sslcache{{ server['@uuid'].replace('-','') }}:50m;
|
||||
|
|
|
@ -11,7 +11,7 @@ server {
|
|||
listen 80 default_server; # if redirect is enabled
|
||||
listen {% if system.webgui.port is defined and system.webgui.port != '' %}{{ system.webgui.port }}{% else %}443{% endif %} ssl http2 default_server;
|
||||
## TLS configuration
|
||||
ssl_dhparam /usr/local/etc/dh-parameters.4096;
|
||||
ssl_dhparam /usr/local/opnsense/data/OPNsense/Nginx/dh-parameters.4096.rfc7919;
|
||||
ssl_ecdh_curve secp384r1;
|
||||
ssl_certificate /var/etc/cert.pem;
|
||||
ssl_certificate_key /var/etc/cert.pem;
|
||||
|
|
Loading…
Reference in New Issue