|
|
|
@@ -26,26 +26,24 @@ matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses: |
|
|
|
|
|
|
|
## Adjusting SSL in your server |
|
|
|
|
|
|
|
You can adjust how the SSL is served by the nginx server by setting the `matrix_nginx_proxy_ssl_preset`. This is based on the Mozilla Server Side TLS |
|
|
|
Recommended configurations. It changes the TLS Protocol, the SSL Cipher Suites and the `ssl_prefer_server_ciphers` variable of nginx. |
|
|
|
The posible values are: |
|
|
|
You can adjust how the SSL is served by the nginx server using the `matrix_nginx_proxy_ssl_preset` variable. We support a few presets, based on the Mozilla Server Side TLS |
|
|
|
Recommended configurations. These presets influence the TLS Protocol, the SSL Cipher Suites and the `ssl_prefer_server_ciphers` variable of nginx. |
|
|
|
Possible values are: |
|
|
|
|
|
|
|
- "modern" - For Modern clients that support TLS 1.3, with no need for backwards compatibility |
|
|
|
- "intermediate" - Recommended configuration for a general-purpose server |
|
|
|
- "old" - Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8 |
|
|
|
- `"modern"` - For Modern clients that support TLS 1.3, with no need for backwards compatibility |
|
|
|
- `"intermediate"` (**default**) - Recommended configuration for a general-purpose server |
|
|
|
- `"old"` - Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8 |
|
|
|
|
|
|
|
The default is set to `"intermediate"`. |
|
|
|
**Be really carefull when setting it to `"modern"`**. This could break comunication with other Matrix servers, limiting your federation posibilities. The |
|
|
|
[Federarion tester](https://federationtester.matrix.org/) also won't work. |
|
|
|
|
|
|
|
**Be really carefull when setting it to "modern"**. This could break the comunication with other matrix servers, limiting your feration posibilities and the |
|
|
|
[Federarion tester](https://federationtester.matrix.org/) won't work. |
|
|
|
|
|
|
|
If you want to override one of the values used by the preset, you can use this three variables: |
|
|
|
Besides changing the preset (`matrix_nginx_proxy_ssl_preset`), you can also directly override these 3 variables: |
|
|
|
|
|
|
|
- `matrix_nginx_proxy_ssl_protocols`: for specifying the supported TLS protocols. |
|
|
|
- `matrix_nginx_proxy_ssl_prefer_server_ciphers`: for specifying if the server or the client choice when negociating the chipher. It can set to "on" or "off". |
|
|
|
- `matrix_nginx_proxy_ssl_prefer_server_ciphers`: for specifying if the server or the client choice when negotiating the cipher. It can set to `on` or `off`. |
|
|
|
- `matrix_nginx_proxy_ssl_ciphers`: for specifying the SSL Cipher suites used by nginx. |
|
|
|
|
|
|
|
For more information about this variables, check the `roles/matrix-nginx-proxy/defaults/main.yml` file. |
|
|
|
For more information about these variables, check the `roles/matrix-nginx-proxy/defaults/main.yml` file. |
|
|
|
|
|
|
|
## Synapse + OpenID Connect for Single-Sign-On |
|
|
|
|
|
|
|
|
Slavi Pantaleev
hace 5 años
GitHub