danwin1210/mail-hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make use of snakeoil certificates in default configuration files

Browse Source
This commit is contained in:
Daniel Winzen
2024-06-05 21:53:17 +02:00
parent ffac3ea1db
commit a8c633b1d2
12 changed files with 70 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
etc_clearnet_proxy/nginx/nginx.conf
View File

@ -4,6 +4,7 @@ pid /run/nginx.pid;
pcre_jit on;
worker_rlimit_nofile 30000;
worker_shutdown_timeout 1m;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 20000;
@ -50,8 +51,8 @@ http {
ssl_early_data off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/acme.sh/danwin1210.de_ecc/fullchain.cer;
ssl_certificate_key /etc/acme.sh/danwin1210.de_ecc/danwin1210.de.key;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_dhparam /etc/nginx/dh4096.pem;
##
@ -119,8 +120,8 @@ stream {
ssl_ecdh_curve X448:X25519:secp521r1:secp384r1:secp256k1;
ssl_ciphers HIGH:!PSK:!RSA:!aNULL:!MD5:!SHA:!CAMELLIA:!AES+SHA256:!AES+SHA384;
ssl_session_cache shared:SSLSTREAM:10m;
ssl_certificate /etc/acme.sh/danwin1210.de_ecc/fullchain.cer;
ssl_certificate_key /etc/acme.sh/danwin1210.de_ecc/danwin1210.de.key;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_dhparam /etc/nginx/dh4096.pem;
#smtp
server {