|
|
@@ -504,7 +504,7 @@ What Are You Doing?
|
|
|
LISTENOPT="443 ssl spdy"
|
|
|
fi
|
|
|
Create_SSL
|
|
|
- Nginx_conf=$(echo -e "listen 80;\n listen ${LISTENOPT};\n ssl_certificate ${PATH_SSL}/${domain}.crt;\n ssl_certificate_key ${PATH_SSL}/${domain}.key;\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;\n ssl_prefer_server_ciphers on;\n ssl_session_timeout 10m;\n ssl_session_cache builtin:1000 shared:SSL:10m;\n ssl_buffer_size 1400;\n add_header Strict-Transport-Security max-age=15768000;\n ssl_stapling on;\n ssl_stapling_verify on;\n")
|
|
|
+ Nginx_conf=$(echo -e "listen 0.0.0.0:80;\n listen [::]:80 default ipv6only=on;\n listen ${LISTENOPT};\n listen [::]:${LISTENOPT} default ipv6only=on;\n ssl_certificate ${PATH_SSL}/${domain}.crt;\n ssl_certificate_key ${PATH_SSL}/${domain}.key;\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;\n ssl_prefer_server_ciphers on;\n ssl_session_timeout 10m;\n ssl_session_cache builtin:1000 shared:SSL:10m;\n ssl_buffer_size 1400;\n add_header Strict-Transport-Security max-age=15768000;\n ssl_stapling on;\n ssl_stapling_verify on;\n")
|
|
|
Apache_SSL=$(echo -e "SSLEngine on\n SSLCertificateFile \"${PATH_SSL}/${domain}.crt\"\n SSLCertificateKeyFile \"${PATH_SSL}/${domain}.key\"")
|
|
|
elif [ "$apache_ssl_flag" == 'y' ]; then
|
|
|
Create_SSL
|
eallion