Skip to content

Commit

Permalink
test http3 and tls 1.3
Browse files Browse the repository at this point in the history
  • Loading branch information
mhf-ir committed May 4, 2024
1 parent 8b8bb9a commit 875cb13
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 4 deletions.
3 changes: 2 additions & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ ENV ASM_NGX_EXTRA_ACCESS_LOG_COMMENT="" \
ASM_NGX_EXTRA_PROXY_CACHE_SLOW_SIZE="4096m" \
ASM_NGX_EXTRA_PROXY_CACHE_FAST_COMMENT="" \
ASM_NGX_EXTRA_PROXY_CACHE_SLOW_COMMENT="" \
ASM_NGX_EXTRA_SSL_PROFILE="intermediate" \
ASM_NGX_EXTRA_SSL_PROFILE="modern" \
ASM_NGX_EXTRA_MONITORING_PORT="8127" \
ASM_NGX_EXTRA_CLIENT_BODY_BUFFER_SIZE="256k" \
ASM_NGX_EXTRA_CLIENT_HEADER_BUFFER_SIZE="2k" \
Expand All @@ -33,6 +33,7 @@ COPY entrypoint.sh /entrypoint.sh
RUN apk add --no-cache \
ca-certificates \
gettext \
tzdata \
nginx \
nginx-mod-devel-kit \
nginx-mod-http-brotli \
Expand Down
4 changes: 4 additions & 0 deletions conf.d/http/default_server.conf
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ server {
server {
listen 80 default_server;
listen 443 default_server ssl http2;
listen 443 default_server quic reuseport;

server_name _;

Expand All @@ -25,6 +26,9 @@ server {
ssl_certificate_key /.defaults/cert/privkey.pem;
ssl_trusted_certificate /.defaults/cert/chain.pem;

# add Alt-Svc header to negotiate HTTP/3.
add_header alt-svc 'h3=":443"; ma=86400';

location = /robots.txt {
return 200 "User-agent: *\nDisallow: /";
}
Expand Down
4 changes: 1 addition & 3 deletions nginx/.defaults/ssl/profile.runtime.conf
Original file line number Diff line number Diff line change
@@ -1,4 +1,2 @@
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_dhparam /.defaults/cert/dhparam.pem;

0 comments on commit 875cb13

Please sign in to comment.