From 7a6d92ce8903fa7c0e7d6a8867f72f0ec5d03590 Mon Sep 17 00:00:00 2001
From: itiligent
Date: Sun, 23 Jul 2023 13:03:42 +1000
Subject: [PATCH] change nginx defaults to tls1.2 and above
---
 3-install-nginx.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/3-install-nginx.sh b/3-install-nginx.sh
index 472a4b0..5805aa5 100644
--- a/3-install-nginx.sh
+++ b/3-install-nginx.sh
@@ -51,6 +51,12 @@ else
 echo
 fi
+# Force nginx to require tls1.2 and above
+sudo sed -i -e '/ssl_protocols/s/^/#/' /etc/nginx/nginx.conf
+sudo sed -i "/SSL Settings/a \ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE" /etc/nginx/nginx.conf
+
+
+
 # Symlink from sites-available to sites-enabled
 ln -s /etc/nginx/sites-available/$PROXY_SITE /etc/nginx/sites-enabled/
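Review bot: The two added `sed` edits fail open: the first comments out every existing `ssl_protocols` line in /etc/nginx/nginx.conf, but the second inserts the new directive only if a line matching `SSL Settings` exists, and `sed` exits 0 either way. On an nginx.conf without that marker comment the file is left with no active `ssl_protocols`, so nginx falls back to its built-in default, which on older releases still includes TLS 1.0/1.1. I would verify the result directly after the edit, e.g. `grep -Eq '^[[:space:]]*ssl_protocols[[:space:]]+TLSv1\.2 TLSv1\.3;' /etc/nginx/nginx.conf || { echo "ssl_protocols not applied" >&2; exit 1; }`, and run `sudo nginx -t` before nginx is restarted (the hunk does not show whether that happens later in the script). The inserted trailing comment `# Dropping SSLv3, ref: POODLE` no longer describes the change and would be more accurate as `# TLS 1.2+ only`. Note too that an `ssl_protocols` line in the site's own server block, if one exists, would still override this http-level setting.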