1
0
mirror of https://github.com/tommytran732/Gitea-Docker-Compose synced 2024-11-21 17:21:32 -05:00

Stricter ciphers

This commit is contained in:
Tommy 2022-12-01 20:10:54 -05:00 committed by GitHub
parent 74926165c2
commit 0859d51033
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -15,8 +15,8 @@ ssl_dhparam /config/nginx/dhparams.pem;
# intermediate configuration # intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (63072000 seconds) # HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
@ -38,4 +38,4 @@ add_header X-XSS-Protection "0" always;
add_header Cross-Origin-Resource-Policy same-origin; add_header Cross-Origin-Resource-Policy same-origin;
add_header Cross-Origin-Embedder-Policy require-corp; add_header Cross-Origin-Embedder-Policy require-corp;
add_header Cross-Origin-Opener-Policy same-origin; add_header Cross-Origin-Opener-Policy same-origin;
add_header Expect-CT "enforce, max-age=63072000"; add_header Expect-CT "enforce, max-age=63072000";