From 259555286a8c9b704a2ee190303a4460d59cc993 Mon Sep 17 00:00:00 2001
From: bsu3338
Date: Sun, 21 Jan 2024 16:00:03 -0600
Subject: [PATCH 1/2] Update nginx.conf Add Mozilla SSL Configuration Generator recommended options.
---
client/nginx.conf | 84 +++++++++++++++++++++++++++++++++++++++--------
1 file changed, 70 insertions(+), 14 deletions(-)
diff --git a/client/nginx.conf b/client/nginx.conf
index 7a64fb0f65d..1bec154f7eb 100644
--- a/client/nginx.conf
+++ b/client/nginx.conf
@@ -1,21 +1,77 @@ +# Secure default configuration generated by Mozilla SSL Configuration Generator +# generated 2024-01-21, Mozilla Guideline v5.7, nginx 1.24.0, OpenSSL 3.1.4, intermediate configuration +# https://ssl-config.mozilla.org/#server=nginx&version=1.24.0&config=intermediate&openssl=3.1.4&guideline=5.7 + server { - listen 80; - # listen 443 ssl; + listen 80 default_server; + listen [::]:80 default_server; - # ssl_certificate /etc/nginx/ssl/nginx.crt; - # ssl_certificate_key /etc/nginx/ssl/nginx.key; + # To Configure SSL, comment all lines within the Non-SSL section and uncomment all lines under the SSL section. + ######################################## Non-SSL ######################################## + server_name localhost; + + # Increase the client_max_body_size to allow larger file uploads + # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request + client_max_body_size 25M; - server_name localhost; + location /api { + proxy_pass http://api:3080/api; + } - # Increase the client_max_body_size to allow larger file uploads - # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request - client_max_body_size 25M; + location / { + proxy_pass http://api:3080; + } - location /api { - proxy_pass http://api:3080/api; - } - location / { - proxy_pass http://api:3080; - } + ######################################## SSL ######################################## +# # Redirect all http traffic to https +# location / { +# return 301 https://$host$request_uri; +# } } + +#server { +# listen 443 ssl http2; +# listen [::]:443 ssl http2; + +# ssl_certificate /etc/nginx/ssl/nginx.crt; +# ssl_certificate_key /etc/nginx/ssl/nginx.key; +# ssl_session_timeout 1d; +# ssl_session_cache shared:MozSSL:10m; # about 40000 sessions +# ssl_session_tickets off; + +# # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ssl/dhparam +# ssl_dhparam /etc/nginx/ssl/dhparam; + +# # intermediate configuration +# ssl_protocols 
TLSv1.2 TLSv1.3; +# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; +# ssl_prefer_server_ciphers off; + +# # HSTS (ngx_http_headers_module is required) (63072000 seconds) +# add_header Strict-Transport-Security "max-age=63072000" always; + +# # OCSP stapling +# ssl_stapling on; +# ssl_stapling_verify on; + +# # verify chain of trust of OCSP response using Root CA and Intermediate certs +# ssl_trusted_certificate /etc/nginx/ssl/ca.crt; + +# # replace with the IP address of your resolver +# resolver 127.0.0.1; + +# server_name localhost; + +# # Increase the client_max_body_size to allow larger file uploads +# # The default limits for image uploads as of 11/22/23 is 20MB/file, and 25MB/request +# client_max_body_size 25M; + +# location /api { +# proxy_pass http://api:3080/api; +# } + +# location / { +# proxy_pass http://api:3080; +# } +#} From d7bbe54fa70ace0eccd43391bd983486b2536854 Mon Sep 17 00:00:00 2001 From: bsu3338 Date: Sun, 21 Jan 2024 16:02:04 -0600 Subject: [PATCH 2/2] Update nginx.conf Remove Space --- client/nginx.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/client/nginx.conf b/client/nginx.conf index 1bec154f7eb..29d01073e2e 100644 --- a/client/nginx.conf +++ b/client/nginx.conf @@ -22,7 +22,6 @@ server { proxy_pass http://api:3080; } - ######################################## SSL ######################################## # # Redirect all http traffic to https # location / {
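Review bot: The two `location` blocks in the commented-out 443 server of [PATCH 1/2] forward to `http://api:3080` without any `proxy_set_header` lines, so once TLS terminates here the backend sees every request as plain HTTP coming from nginx's own address with `Host: api:3080`. If the API keys rate limits, bans or audit logs on the client IP, or derives `Secure` cookies and redirect URLs from the request scheme, those would quietly stop working as intended. I would add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` to both blocks, and have the backend trust those headers only from this proxy. Separately, enabling TLS takes manual edits in two server blocks, and uncommenting only the 443 block leaves port 80 still proxying the app in cleartext with no HSTS. A comment directly above `#server {` such as `# When enabling this block, also replace the port-80 proxy locations with the 301 redirect above` would make the dependency hard to miss.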