From 4bc8193f698945230d7dd848ce25cb2fe931b438 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 8 Jan 2021 21:13:01 +0200 Subject: [PATCH] Fix typos and improve wording --- docs/configuring-playbook-nginx.md | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/docs/configuring-playbook-nginx.md b/docs/configuring-playbook-nginx.md index a95fbf722..ba6c5c125 100644 --- a/docs/configuring-playbook-nginx.md +++ b/docs/configuring-playbook-nginx.md @@ -26,26 +26,24 @@ matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: ## Adjusting SSL in your server -You can adjust how the SSL is served by the nginx server by setting the `matrix_nginx_proxy_ssl_preset`. This is based on the Mozilla Server Side TLS -Recommended configurations. It changes the TLS Protocol, the SSL Cipher Suites and the `ssl_prefer_server_ciphers` variable of nginx. -The posible values are: +You can adjust how the SSL is served by the nginx server using the `matrix_nginx_proxy_ssl_preset` variable. We support a few presets, based on the Mozilla Server Side TLS +Recommended configurations. These presets influence the TLS Protocol, the SSL Cipher Suites and the `ssl_prefer_server_ciphers` variable of nginx. +Possible values are: -- "modern" - For Modern clients that support TLS 1.3, with no need for backwards compatibility -- "intermediate" - Recommended configuration for a general-purpose server -- "old" - Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8 +- `"modern"` - For Modern clients that support TLS 1.3, with no need for backwards compatibility +- `"intermediate"` (**default**) - Recommended configuration for a general-purpose server +- `"old"` - Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8 -The default is set to `"intermediate"`. +**Be really carefull when setting it to `"modern"`**. This could break comunication with other Matrix servers, limiting your federation posibilities. The +[Federarion tester](https://federationtester.matrix.org/) also won't work. -**Be really carefull when setting it to "modern"**. This could break the comunication with other matrix servers, limiting your feration posibilities and the -[Federarion tester](https://federationtester.matrix.org/) won't work. - -If you want to override one of the values used by the preset, you can use this three variables: +Besides changing the preset (`matrix_nginx_proxy_ssl_preset`), you can also directly override these 3 variables: - `matrix_nginx_proxy_ssl_protocols`: for specifying the supported TLS protocols. -- `matrix_nginx_proxy_ssl_prefer_server_ciphers`: for specifying if the server or the client choice when negociating the chipher. It can set to "on" or "off". +- `matrix_nginx_proxy_ssl_prefer_server_ciphers`: for specifying if the server or the client choice when negotiating the cipher. It can set to `on` or `off`. - `matrix_nginx_proxy_ssl_ciphers`: for specifying the SSL Cipher suites used by nginx. -For more information about this variables, check the `roles/matrix-nginx-proxy/defaults/main.yml` file. +For more information about these variables, check the `roles/matrix-nginx-proxy/defaults/main.yml` file. ## Synapse + OpenID Connect for Single-Sign-On