josh :bocchi_arch:
in case anyone needs to add websocket support to their reverse proxy config in nginx you just need to add these lines under your "location":
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
(silly me for thinking it would be something like websocket_support true)
Dushman
@josh@phocks.eu.org
https://github.com/drwetter/testssl.sh
This is how I know, very nice tool.
Dushman
@josh@phocks.eu.org
Btw you have TLS 1 enabled which is a no no, don't do that lol.
josh :bocchi_arch:
@dushman awesome. thanks. amazing how much of the world is run on text files
Dushman
@josh@phocks.eu.org
Or just the cipher portion. Put this in the http block as well. # Enables the specified protocols.
ssl_protocols TLSv1.2 TLSv1.3;
# Secure cipher configuration.
ssl_ecdh_curve X25519:X448:secp384r1:secp521r1:secp256r1;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
# You may need to disable this parameter on legacy nginx versions.
ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256;
Dushman
@josh@phocks.eu.org
here
Dushman
@josh@phocks.eu.org
I can send you the whole nginx.conf I made. Includes directives to only support modern and secure ciphers.
josh :bocchi_arch:
@dushman woo awesome! Thanks!
Dushman
@josh@phocks.eu.org
Just put this in the http block of nginx.conf to have websocket support for everything # Helper variable for proxying websockets.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.