jowj/mattermost-docker
1
0
Fork 0
forked from mirrors/mattermost-docker
Code Issues Pull Requests Packages Projects Releases Wiki Activity

introduce TLS 1.3's 0-RTT

Browse Source
This commit is contained in:
Marco Kundt 2021-04-20 19:27:53 +02:00
parent 008c8c9483
commit 8b7bfdc889
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nginx/mattermost.conf
View File

@ -54,6 +54,10 @@ server {
ssl_certificate /cert.pem; ssl_certificate /cert.pem;
ssl_certificate_key /key.pem; ssl_certificate_key /key.pem;
# enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to prevent replay attacks.
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
ssl_early_data on;
# OCSP stapling # OCSP stapling
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
@ -94,6 +98,7 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN; proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_set_header Early-Data $ssl_early_data;
proxy_buffers 256 16k; proxy_buffers 256 16k;
proxy_buffer_size 16k; proxy_buffer_size 16k;
client_body_timeout 60; client_body_timeout 60;
@ -113,6 +118,7 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN; proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_set_header Early-Data $ssl_early_data;
proxy_buffers 256 16k; proxy_buffers 256 16k;
proxy_buffer_size 16k; proxy_buffer_size 16k;
proxy_read_timeout 600s; proxy_read_timeout 600s;