Weblate/scripts
2
0
Fork 0
mirror of https://gh.llkk.cc/https://github.com/WeblateOrg/scripts.git synced 2025-10-03 15:01:00 +08:00
Code Issues Projects Packages Wiki Activity Actions 3
scripts/upgrade-nginx-ssl

34 lines
1 KiB
Text
Raw Normal View History

Add script to upgrade ssl config
2021-02-07 13:36:03 +01:00
#!/bin/sh
# Based on https://ssl-config.mozilla.org/#server=nginx
# Disable Letsencrypt SSL configuraion (it is weak)
sed -i '/\/etc\/letsencrypt\/options-ssl-nginx.conf/ D' /etc/nginx/sites-available/*
Fix nginx config
2021-02-07 13:56:03 +01:00
# Disable built-in SSL config
sed -i -e '/ssl_protocols/D' -e '/ssl_prefer_server_ciphers/D' /etc/nginx/nginx.conf
Add script to upgrade ssl config
2021-02-07 13:36:03 +01:00
# Update SSL config
fix: apply shell formatting
2025-07-16 15:11:55 +02:00
cat > /etc/nginx/conf.d/ssl.conf << EOT
Add script to upgrade ssl config
2021-02-07 13:36:03 +01:00
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_dhparam /etc/nginx/ffdhe4096.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_stapling on;
ssl_stapling_verify on;
EOT
# Update DH params
chore: apply shfmt
2025-04-08 11:35:17 +02:00
if [ ! -f /etc/nginx/ffdhe4096.pem ]; then
fix: apply shell formatting
2025-07-16 15:11:55 +02:00
curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ffdhe4096.pem
Add script to upgrade ssl config
2021-02-07 13:36:03 +01:00
fi
# Reload ngxin
systemctl reload nginx
Reference in a new issue Copy permalink