Nginx 1.17.10 working as a reverse proxy for Vesta Admin Control Panel where it is installed as nginx-vesta. You can check the vesta-nginx version:
# /usr/local/vesta/nginx/sbin/vesta-nginx -v
nginx version: nginx/1.12.2
Vesta Nginx Location# cd /usr/local/vesta/nginx
Take Backup vesta-nginx configuration file# cd /usr/local/vesta/nginx/conf
# cp -a nginx.conf nginx.conf-bak
1. Replace the below code # vi /usr/local/vesta/nginx/conf/nginx.conf
# SSL PCI Compliance
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
With# SSL Settings
#ssl_protocols TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
#ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
# OCSP stapling
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
port_in_redirect off;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
2. Replace the below code ssl on;
ssl_certificate /usr/local/vesta/ssl/certificate.crt;
ssl_certificate_key /usr/local/vesta/ssl/certificate.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
Withssl on;
ssl_certificate /usr/local/vesta/ssl/certificate.crt;
ssl_certificate_key /usr/local/vesta/ssl/certificate.key;
# SSL Settings
#ssl_protocols TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
#ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
# OCSP stapling
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
port_in_redirect off;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
Check Vesta-Nginx syntax and Restart# /usr/local/vesta/nginx/sbin/vesta-nginx -t
Comments
Post a Comment