openvidu/openvidu-server/docker/openvidu-proxy/default_nginx_conf/global/ssl_config.conf

    # SSL Config
    ssl_certificate         /etc/letsencrypt/live/{domain_name}/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/{domain_name}/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;

    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_protocols {ssl_protocols};
    ssl_ciphers "{ssl_ciphers}";
    ssl_prefer_server_ciphers off;

    add_header Strict-Transport-Security "{add_header_hsts}" always;
openvidu-deployment: General updates in nginx and public ip discovering: - Add option to redirect www to non-www (REDIRECT_WWW). - Add endpoint to check nginx workers. - Custom virtual hosts (Server blocks) can be added by the user to create custom rules in `/opt/openvidu/custom-nginx-vhost`. - Parametrize `worker_connections` in nginx.conf (WORKER_CONNECTIONS) - Improve `discover_my_public_ip.sh` to use dns servers instead of http servers - Posibility to autodiscover ipv6 if available by using `PUBLIC_IP=auto-ipv6` in nginx, `TURN_PUBLIC_IP=auto-ipv6` in coturn and `COTURN_IP=auto-ipv6` in openvidu-server. By default ipv4 is used. 2020-11-02 19:46:59 +01:00			`# SSL Config`
			`ssl_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/{domain_name}/privkey.pem;`
			`ssl_trusted_certificate /etc/letsencrypt/live/{domain_name}/fullchain.pem;`

			`ssl_session_cache shared:SSL:50m;`
			`ssl_session_timeout 5m;`
			`ssl_stapling on;`
			`ssl_stapling_verify on;`

openvidu-proxy: Make TLS version, ciphers and HSTS configurable Allow flexible HTTPS security hardening using run-time configuration, rather just build-time container/volume layering. 2020-11-18 22:07:28 +01:00			`ssl_protocols {ssl_protocols};`
			`ssl_ciphers "{ssl_ciphers}";`
deployment: Nginx security improvements: - Disable TLSv1.0 and TLSv1.1 by default. - Use intermediate SSL ciphers following mozilla SSL generator: https://ssl-config.mozilla.org/#server=nginx&version=1.23.1&config=intermediate&openssl=1.1.1&guideline=5.6 - Enable HSTS by default 2022-11-10 14:39:38 +01:00			`ssl_prefer_server_ciphers off;`
openvidu-proxy: Make TLS version, ciphers and HSTS configurable Allow flexible HTTPS security hardening using run-time configuration, rather just build-time container/volume layering. 2020-11-18 22:07:28 +01:00
			`add_header Strict-Transport-Security "{add_header_hsts}" always;`