Webserver/setup optimizations (#220)

* Webserver security * Create vHost dirs during install; link vHost to sites-enabled * Remove default vHosts during install * Only generate new DH params when also using real certificates * Removed duplicate ssl_ecdh_curve
2025-11-20 13:36:05 -05:00 · 2021-06-18 15:56:45 +02:00
parent 235efbe151
commit 950adcdd9d
4 changed files with 36 additions and 6 deletions
--- a/deploy/local_install/nginx.conf
+++ b/deploy/local_install/nginx.conf
@@ -19,10 +19,7 @@ http {

    include /etc/nginx/mime.types;
    default_type application/octet-stream;
-
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
-    ssl_prefer_server_ciphers on;
-
+    
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;