diff --git a/install/debian/12/nginx/nginx.conf b/install/debian/12/nginx/nginx.conf index 6d5e36ba..6efe2337 100644 --- a/install/debian/12/nginx/nginx.conf +++ b/install/debian/12/nginx/nginx.conf @@ -100,7 +100,7 @@ http { # SSL PCI Compliance ssl_session_cache shared:SSL:10m; - ssl_protocols TLSv1.1 TLSv1.2; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.stpl b/install/debian/12/templates/web/nginx/force-https-legacy.stpl index 79e55a26..bea7d86c 100644 --- a/install/debian/12/templates/web/nginx/force-https-legacy.stpl +++ b/install/debian/12/templates/web/nginx/force-https-legacy.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssll + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https-public.stpl b/install/debian/12/templates/web/nginx/force-https-public.stpl index ac422df6..a7609b13 100644 --- a/install/debian/12/templates/web/nginx/force-https-public.stpl +++ b/install/debian/12/templates/web/nginx/force-https-public.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl index 7e0e71d1..2db9a06e 100644 --- a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl +++ b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/force-https.stpl b/install/debian/12/templates/web/nginx/force-https.stpl index 33fab443..55f41002 100644 --- a/install/debian/12/templates/web/nginx/force-https.stpl +++ b/install/debian/12/templates/web/nginx/force-https.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.stpl b/install/debian/12/templates/web/nginx/hosting-legacy.stpl index a34b4bf1..efdd3b87 100644 --- a/install/debian/12/templates/web/nginx/hosting-legacy.stpl +++ b/install/debian/12/templates/web/nginx/hosting-legacy.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-public.stpl b/install/debian/12/templates/web/nginx/hosting-public.stpl index ac422df6..a7609b13 100644 --- a/install/debian/12/templates/web/nginx/hosting-public.stpl +++ b/install/debian/12/templates/web/nginx/hosting-public.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl index 7e0e71d1..2db9a06e 100644 --- a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl +++ b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/hosting.stpl b/install/debian/12/templates/web/nginx/hosting.stpl index 755caadf..5745311e 100644 --- a/install/debian/12/templates/web/nginx/hosting.stpl +++ b/install/debian/12/templates/web/nginx/hosting.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/private-force-https.stpl b/install/debian/12/templates/web/nginx/private-force-https.stpl index 64094fb8..bf805683 100644 --- a/install/debian/12/templates/web/nginx/private-force-https.stpl +++ b/install/debian/12/templates/web/nginx/private-force-https.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; diff --git a/install/debian/12/templates/web/nginx/private-hosting.stpl b/install/debian/12/templates/web/nginx/private-hosting.stpl index fd9471bd..8e5b3f7b 100644 --- a/install/debian/12/templates/web/nginx/private-hosting.stpl +++ b/install/debian/12/templates/web/nginx/private-hosting.stpl @@ -1,5 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% ssl http2; + listen %ip%:%proxy_ssl_port% ssl; + http2 on; server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%;