Skip to content

Commit

Permalink
fix http v3
Browse files Browse the repository at this point in the history
  • Loading branch information
@mhf-ir
mhf-ir committed May 5, 2024
1 parent 875cb13 commit b5e58d0
Show file tree
Hide file tree
Showing 4 changed files with 5 additions and 7 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ ENV ASM_NGX_EXTRA_ACCESS_LOG_COMMENT="" \
ASM_NGX_EXTRA_PROXY_CACHE_SLOW_SIZE="4096m" \
ASM_NGX_EXTRA_PROXY_CACHE_FAST_COMMENT="" \
ASM_NGX_EXTRA_PROXY_CACHE_SLOW_COMMENT="" \
ASM_NGX_EXTRA_SSL_PROFILE="modern" \
ASM_NGX_EXTRA_SSL_PROFILE="intermediate" \
ASM_NGX_EXTRA_MONITORING_PORT="8127" \
ASM_NGX_EXTRA_CLIENT_BODY_BUFFER_SIZE="256k" \
ASM_NGX_EXTRA_CLIENT_HEADER_BUFFER_SIZE="2k" \
Expand Down
4 changes: 0 additions & 4 deletions conf.d/http/default_server.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ server {
server {
listen 80 default_server;
listen 443 default_server ssl http2;
listen 443 default_server quic reuseport;

server_name _;

Expand All @@ -26,9 +25,6 @@ server {
ssl_certificate_key /.defaults/cert/privkey.pem;
ssl_trusted_certificate /.defaults/cert/chain.pem;

# add Alt-Svc header to negotiate HTTP/3.
add_header alt-svc 'h3=":443"; ma=86400';

location = /robots.txt {
return 200 "User-agent: *\nDisallow: /";
}
Expand Down
2 changes: 1 addition & 1 deletion nginx/.defaults/ssl/profile.intermediate.conf
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
ssl_dhparam /.defaults/cert/dhparam.pem;
4 changes: 3 additions & 1 deletion nginx/.defaults/ssl/profile.runtime.conf
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,4 @@
ssl_protocols TLSv1.3;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
ssl_dhparam /.defaults/cert/dhparam.pem;

0 comments on commit b5e58d0

Please sign in to comment.