7x31
/
mailcow-dockerized
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

enable http3/use new http2 config option

This commit is contained in:
Zoey 2023-06-16 18:01:46 +02:00
parent c873a14127
commit d3785f7ec8
No known key found for this signature in database
GPG Key ID: 02A3919EB4F67328
3 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
data/conf/nginx/includes/site-defaults.conf
View File

@ -5,6 +5,10 @@
server_tokens off;
http2 on;
http3 on;
quic_retry on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

8
data/conf/nginx/templates/listen_ssl.template
View File

@ -1,2 +1,6 @@
listen ${HTTPS_PORT} ssl http2;
listen [::]:${HTTPS_PORT} ssl http2;
listen ${HTTPS_PORT} ssl;
listen [::]:${HTTPS_PORT} ssl;
listen ${HTTPS_PORT} quic reuseport; # reuseport should only be specified once per port
listen [::]:${HTTPS_PORT} quic reuseport; # reuseport should only be specified once per port
add_header Alt-Svc 'h3=":${HTTPS_PORT}"; ma=86400';

1
docker-compose.yml
View File

@ -378,6 +378,7 @@ services:
- ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
- sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
ports:
- "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}/udp"
- "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
- "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
restart: always