www/nginx: include missing dh parameter file on 22.7

Franco Fichtner 2022-07-14 08:29:00 +02:00
parent 835f72cc23
commit abf01bff99
5 changed files with 17 additions and 4 deletions


@ -1,6 +1,6 @@
PLUGIN_NAME= nginx
PLUGIN_VERSION= 1.28
PLUGIN_REVISION= 1
PLUGIN_REVISION= 2
PLUGIN_COMMENT= Nginx HTTP server and reverse proxy
PLUGIN_DEPENDS= nginx
PLUGIN_MAINTAINER= franz.fabian.94@gmail.com


@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
-----END DH PARAMETERS-----


@ -111,7 +111,7 @@ server {
ssl_certificate_key /usr/local/etc/nginx/key/{{ single_servername }}.key;
ssl_certificate /usr/local/etc/nginx/key/{{ single_servername }}.pem;
ssl_protocols {{ server.tls_protocols.replace(',', ' ') }};
ssl_dhparam /usr/local/etc/dh-parameters.4096;
ssl_dhparam /usr/local/opnsense/data/OPNsense/Nginx/dh-parameters.4096.rfc7919;
{% if server.tls_ciphers is defined and server.tls_ciphers != '' %}
ssl_ciphers {{ server.tls_ciphers }};
{% endif %}
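Review bot: The new `ssl_dhparam` path is hard-coded here and repeated verbatim in the two other templates this commit touches (the one keyed on `server['@uuid']` and the `default_server` one), so a later move or rename of the data file has to be made in three places. As far as I know nginx rejects a configuration whose dhparam file cannot be read, which is presumably the failure this commit addresses, so a missed copy would stop the service from starting. A comment above the directive would record what the file is, e.g. `# fixed ffdhe4096 group (RFC 7919, per the file name), shipped with the plugin; only used for DHE key exchange`. Since `ssl_ciphers` is only emitted when `server.tls_ciphers` is set, whether any DHE suite is offered in the default case depends on the library defaults and is worth confirming. The enclosing server block starts and ends outside the hunk.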


@ -75,7 +75,7 @@
ssl_certificate_key /usr/local/etc/nginx/key/{{ server['@uuid'] }}.key;
ssl_certificate /usr/local/etc/nginx/key/{{ server['@uuid'] }}.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_dhparam /usr/local/etc/dh-parameters.4096;
ssl_dhparam /usr/local/opnsense/data/OPNsense/Nginx/dh-parameters.4096.rfc7919;
ssl_ciphers 'ECDHE-ECDSA-CAMELLIA256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CAMELLIA256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CAMELLIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CAMELLIA128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_session_timeout 1d;
ssl_session_cache shared:sslcache{{ server['@uuid'].replace('-','') }}:50m;
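Review bot: Every suite in the fixed `ssl_ciphers` list of this template is `ECDHE-*`, so as far as this hunk shows the `ssl_dhparam` file is never used for a key exchange here, yet the directive still makes the file a hard dependency when the configuration is loaded. To my knowledge TLS 1.3 does not consult the dhparam file either, which would leave the directive without effect for both protocols enabled on the `ssl_protocols` line. Either drop the directive from this template or say why it stays, e.g. `# no DHE suites enabled below; kept for parity with the user-configurable server template`. The surrounding block starts and ends outside the hunk.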


@ -11,7 +11,7 @@ server {
listen 80 default_server; # if redirect is enabled
listen {% if system.webgui.port is defined and system.webgui.port != '' %}{{ system.webgui.port }}{% else %}443{% endif %} ssl http2 default_server;
## TLS configuration
ssl_dhparam /usr/local/etc/dh-parameters.4096;
ssl_dhparam /usr/local/opnsense/data/OPNsense/Nginx/dh-parameters.4096.rfc7919;
ssl_ecdh_curve secp384r1;
ssl_certificate /var/etc/cert.pem;
ssl_certificate_key /var/etc/cert.pem;