2024-08-22, 06:40 PM
(This post was last modified: 2024-08-22, 06:42 PM by TheDreadPirate. Edited 2 times in total.)
I wrote a guide for improving the security of plain Nginx. But they should still work with Nginx Proxy Manager.
https://forum.jellyfin.org/t-apache-ngin...ls-ciphers
Below is a modified list from my guide. I looked at the defaults in Nginx Proxy Manager and the options below are either not defined or the defaults are not as secure. In the Nginx Proxy Manager git "ssl_prefer_server_ciphers" is defined twice in two different configs. One on and one off, so I'm not sure which is actually used. But including it in your Nginx Proxy Manager config should override whatever default is actually applied.
In the Advanced tab of Nginx Proxy Manager, copy and paste the lines below.
I only use Nginx Proxy Manager on one of my test setups so I've never actually tried adding these settings. So let me know if these work or if it breaks it.
https://forum.jellyfin.org/t-apache-ngin...ls-ciphers
Below is a modified list from my guide. I looked at the defaults in Nginx Proxy Manager and the options below are either not defined or the defaults are not as secure. In the Nginx Proxy Manager git "ssl_prefer_server_ciphers" is defined twice in two different configs. One on and one off, so I'm not sure which is actually used. But including it in your Nginx Proxy Manager config should override whatever default is actually applied.
In the Advanced tab of Nginx Proxy Manager, copy and paste the lines below.
Code:
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
I only use Nginx Proxy Manager on one of my test setups so I've never actually tried adding these settings. So let me know if these work or if it breaks it.