CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Disable nginx server version and TLSv1.0/TLSv1.1

Browse Source
This commit is contained in:
Jason Ertel
2020-10-28 14:29:29 -04:00
parent 348c2feee2
commit 98c669e80b
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/nginx/etc/nginx.conf
View File

@@ -36,6 +36,8 @@ http {
types_hash_max_size 2048;
client_max_body_size 2500M;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
@@ -88,6 +90,7 @@ http {
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
}
{%- endif %}
@@ -105,6 +108,7 @@ http {
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
location /fleet/ {
proxy_pass https://{{ main_ip }}:8080;
@@ -151,7 +155,7 @@ http {
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
location ~* (^/login/|^/js/.*|^/css/.*|^/images/.*) {
proxy_pass http://{{ url_base }}:9822;