Merge pull request #2678 from callahad/modern-tls

Update the default cipher suite
Jose Diaz-Gonzalez
2017-04-22 14:42:19 -06:00
committed by GitHub
4 changed files with 8 additions and 5 deletions

2
debian/control vendored

@@ -5,7 +5,7 @@ Priority: optional
Architecture: amd64
Depends: locales, git, make, curl, gcc, man-db, sshcommand (>= 0.6.0), gliderlabs-sigil, docker-engine-cs (>= 1.9.1) | docker-engine (>= 1.9.1) | docker-ce | docker-ee, software-properties-common, python-software-properties
Recommends: herokuish (>= 0.3.4), parallel
Pre-Depends: nginx, dnsutils, cgroupfs-mount | cgroup-lite, plugn (>= 0.3.0), sudo, python2.7, debconf
Pre-Depends: nginx (>= 1.8.0), dnsutils, cgroupfs-mount | cgroup-lite, plugn (>= 0.3.0), sudo, python2.7, debconf
Maintainer: Jose Diaz-Gonzalez <dokku@josediazgonzalez.com>
Description: Docker-powered PaaS that helps build and manage the lifecycle of applications
Dokku is an extensible, open source Platform as a Service


@@ -35,10 +35,12 @@ include $DOKKU_ROOT/*/nginx.conf;
server_tokens off;
# Settings from https://mozilla.github.io/server-side-tls/ssl-config-generator/
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_session_timeout 1d;
ssl_session_tickets on;
ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
EOF
fi
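Review bot: The cipher string that reads as the new one (`ECDH+AESGCM:DH+AESGCM:…`, taking the second line of each pair as the new side, since the page has lost its +/- markers) enables DHE suites, but no `ssl_dhparam` is set in the lines shown. As far as I know, nginx before 1.11.0 falls back to built-in DH parameters when none are configured, and the packaging in this commit accepts nginx from 1.8.0, so those hosts could negotiate DHE over a weak shared group; adding `ssl_dhparam /path/to/dhparam.pem;` (placeholder path, pointing at a locally generated group of 2048 bits or more) or dropping the `DH+…` entries would close that. `ssl_session_tickets on;` together with a one-day session lifetime also deserves a comment, because without key rotation the ticket key lives as long as the nginx process and weakens forward secrecy for resumed sessions. The heredoc this hunk sits in starts outside the hunk.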


@@ -47,7 +47,8 @@ server {
ssl_certificate {{ $.APP_SSL_PATH }}/server.crt;
ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
{{ if and (eq $.SPDY_SUPPORTED "true") (ne $.HTTP2_SUPPORTED "true") }}add_header Alternate-Protocol {{ $.NGINX_SSL_PORT }}:npn-spdy/2;{{ end }}
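Review bot: `ssl_protocols TLSv1.2;` (taken to be the new line of the pair, since the page has lost its +/- markers) is set only inside this per-app `server` block, while the cipher list is set globally in the other nginx file of this commit. As far as I know, nginx with the OpenSSL versions of this period settles the protocol version before SNI selects a server block, so on a host with several apps the effective floor can be whatever the default server declares. Setting `ssl_protocols TLSv1.2;` next to `ssl_ciphers` in the global config as well would make the policy hold for every listener, and a comment here should say that clients without TLS 1.2 support will be refused. The `server` block starts and ends outside the hunk.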

2
rpm.mk

@@ -99,7 +99,7 @@ endif
--depends 'gliderlabs-sigil' \
--depends '/usr/bin/docker' \
--depends 'bind-utils' \
--depends 'nginx' \
--depends 'nginx >= 1.8.0' \
--depends 'plugn' \
--depends 'sudo' \
--depends 'python' \