Welcome! Log In Create A New Profile

Re: In Nginx revers proxy unable to disable TLS1

Forum List Message List New Topic Print View

Maxim Dounin

December 10, 2018 10:04AM

Hello!

On Sun, Dec 09, 2018 at 11:56:33PM -0500, blason wrote:

> Do you mean I need to mention in each and every reverse proxy stanza or in
> default config?

You have to configure ssl_protocols in the default server for the
listening socket in question.

As previously suggested, most simple solution would be to
configure ssl_protocols in the http{} block in nginx.conf.

> Is this right?
>
> [root@xxxxxx conf.d]# vi default.conf
> server {
> listen 80 default_server;
> #server_name "";
> server_name _;
> return 444;
> ssl_protocols TLSv1.2;
>
> #charset koi8-r;
> #access_log /var/log/nginx/log/host.access.log main;
>
> location / {
> root /usr/share/nginx/html;
> index index.html index.htm;
> }

No. The server{} block in question is default for the port 80,
which is plain HTTP, and does not use SSL. Note

> listen 80 default_server;

is the only listening socket in this server block.

You need to configure ssl_protocols in the server{} block which is
the default for HTTPS listening socket, usually on port 443.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
In Nginx revers proxy unable to disable TLS1	blason	December 01, 2018 01:02AM
Re: In Nginx revers proxy unable to disable TLS1	Maxim Dounin	December 03, 2018 09:14AM
Re: In Nginx revers proxy unable to disable TLS1	blason	December 09, 2018 11:56PM
Re: In Nginx revers proxy unable to disable TLS1	Maxim Dounin	December 10, 2018 10:04AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 122

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018