Merge d3785f7ec8 into 9ba5c13702

2023-08-28 16:24:48 +02:00 · 2023-08-28 16:24:48 +02:00 · 0332995cf4
parent 9ba5c13702 d3785f7ec8
commit 0332995cf4
3 changed files with 11 additions and 2 deletions
--- a/data/conf/nginx/includes/site-defaults.conf
+++ b/data/conf/nginx/includes/site-defaults.conf
@ -5,6 +5,10 @@
  server_tokens off;
  http2 on;
  http3 on;
  quic_retry on;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
--- a/data/conf/nginx/templates/listen_ssl.template
+++ b/data/conf/nginx/templates/listen_ssl.template
@ -1,2 +1,6 @@
-listen ${HTTPS_PORT} ssl http2;
+listen ${HTTPS_PORT} ssl;
-listen [::]:${HTTPS_PORT} ssl http2;
+listen [::]:${HTTPS_PORT} ssl;
 listen ${HTTPS_PORT} quic reuseport; # reuseport should only be specified once per port
 listen [::]:${HTTPS_PORT} quic reuseport; # reuseport should only be specified once per port
 add_header Alt-Svc 'h3=":${HTTPS_PORT}"; ma=86400';
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -380,6 +380,7 @@ services:
        - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
        - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
      ports:
        - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}/udp"
        - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
        - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
      restart: always