Saucepan

User Tools

Site Tools

Trace:
linux:install_nginx

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:install_nginx [2020/08/31 06:30] – external edit 127.0.0.1linux:install_nginx [2022/11/23 16:37] (current) bstafford
Line 6: Line 6:
 For CentOS 6.6 I resorted to disabling SELinux as I couldn't get the reverse proxy working with SELinux enabled For CentOS 6.6 I resorted to disabling SELinux as I couldn't get the reverse proxy working with SELinux enabled
  
 +===== SSL =====
 +In order to get https://internet.nl/ to give this site a clean bill of health, I had to regenerate the DH Param file.
 +<code>openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096 -out /etc/nginx/certs/cersdhparam.pem</code>
 =====Configure Repository===== =====Configure Repository=====
 <code>cat << EOF > /etc/yum.repos.d/nginx.repo <code>cat << EOF > /etc/yum.repos.d/nginx.repo
Line 94: Line 97:
     }     }
 }</code> }</code>
 +===== Strong TLS =====
 +<code>openssl dhparam -out /etc/nginx/certs/certsdhparam.pem 4096</code>
 +''/etc/nginx/snippits/ssl-params.confg
 +<code>ssl_protocols TLSv1.3;
 +ssl_prefer_server_ciphers on;
 +
 +ssl_dhparam /etc/nginx/certs/certsdhparam.pem;
 +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
 +#:ECDHE-RSA-AES256-SHA384;
 +
 +ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0</code>
linux/install_nginx.1598855443.txt.gz · Last modified: (external edit)