TLS Version / HSTS Header #72

Closed
abeggled opened this issue May 13, 2023 · 2 comments

@abeggled

Please add the ability to define the allowed TLS Version of the GUI and the possibility to add HSTS Headers.

hakwerk added a commit that referenced this issue Jun 18, 2023
The previous image 1.21.6 did not accept TLS v1.3 and still accepted 1.0 and 1.1
@hakwerk
Owner

hakwerk commented Jun 25, 2023

I can't use HSTS because some of the endpoints (such as for OCSP) need to be accessible over plain HTTP, so that clients can properly build trust if they encounter a LabCA certificate for the first time.

The next release will use a newer nginx image that only accepts TLS 1.2 and 1.3, the current version did not even support 1.3 yet. Oops.
I'll have a look at making some nginx configs accessible in the GUI.

hakwerk added a commit that referenced this issue Jul 15, 2023
If you want to control e.g. the ssl_protocols or ssl_ciphers settings,
create a file named 'custom-ssl.inc' in the /home/labca/nginx_data/conf.d/
directory (or when using the docker-only setup, either add a volume mount
or edit the labca_nginx_conf volume to include the file). Similarly,
'custom-base.inc' can be created to e.g. define a custom log format, and
'custom.inc' could be created for any settings on the plain HTTP server
context.
@hakwerk
Owner

hakwerk commented Jul 20, 2023

It is now (release v23.07.1) possible to put custom settings in one or more extra files in the /home/labca/nginx_data/conf.d/ directory (or when using the docker-only setup, either add a volume mount or edit the labca_nginx_conf volume to include the file(s) in /etc/nginx/conf.d/):

  • custom-base.inc for settings in the http context, e.g. define a custom log format
  • custom.inc for settings on the plain HTTP server context
  • custom-ssl.inc to control e.g. the ssl_protocols or ssl_ciphers settings

@hakwerk hakwerk closed this as completed Sep 7, 2023
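
A way to check a `custom-ssl.inc` before dropping it into `conf.d/`, as an added example that is not part of the thread or of LabCA's own code: it parses the simple `name args;` directives and reports any `ssl_protocols` line that re-enables pre-1.2 protocols or leaves out TLS 1.2/1.3. The function names and both sample files are constructed for illustration, and the parser assumes directives without quoted `#` or `;` characters.

```python
import re

# Protocol tokens nginx accepts for ssl_protocols that predate TLS 1.2.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# The versions the thread says the newer image accepts.
WANTED = {"TLSv1.2", "TLSv1.3"}

# Constructed sample: mirrors the old behaviour (1.0/1.1 on, 1.3 missing).
WEAK = """
# custom-ssl.inc (constructed sample)
ssl_protocols TLSv1 TLSv1.1
              TLSv1.2;   # directive spans two lines
ssl_ciphers HIGH:!aNULL:!MD5;
"""

# Constructed sample: restricts the listener to TLS 1.2 and 1.3.
HARDENED = """
ssl_protocols TLSv1.2 TLSv1.3;
"""


def directives(text):
    """Yield (name, args) for each simple 'name args;' directive."""
    # Strip comments first, then split on ';' so multi-line directives parse.
    text = re.sub(r"#[^\n]*", "", text)
    for stmt in text.split(";"):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]


def audit_ssl_protocols(text):
    """Return a list of findings for the ssl_protocols directive(s) in text."""
    findings, seen = [], False
    for name, args in directives(text):
        if name != "ssl_protocols":
            continue
        seen = True
        legacy = sorted(LEGACY.intersection(args))
        if legacy:
            findings.append("legacy protocols enabled: " + ", ".join(legacy))
        missing = sorted(WANTED.difference(args))
        if missing:
            findings.append("not enabled: " + ", ".join(missing))
    if not seen:
        findings.append("no ssl_protocols directive; the image default applies")
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_ssl_protocols(sample) or "ok")
```
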