diff options
| author | terminaldweller <thabogre@gmail.com> | 2022-07-15 13:47:56 +0000 |
|---|---|---|
| committer | terminaldweller <thabogre@gmail.com> | 2022-07-15 13:47:56 +0000 |
| commit | 5a2d75df546df3321b3a20ebe84dae2f91019e84 (patch) | |
| tree | ca27e5395beee772dc4931110018e135700c7a05 /terminaldweller.com | |
| parent | updates (diff) | |
| download | scripts-5a2d75df546df3321b3a20ebe84dae2f91019e84.tar.gz scripts-5a2d75df546df3321b3a20ebe84dae2f91019e84.zip | |
secrets
Diffstat (limited to 'terminaldweller.com')
| -rw-r--r-- | terminaldweller.com/ejabberd/ejabberd.yml | 6 | ||||
| -rw-r--r-- | terminaldweller.com/haproxy/haproxy.cfg | 10 |
2 files changed, 8 insertions, 8 deletions
diff --git a/terminaldweller.com/ejabberd/ejabberd.yml b/terminaldweller.com/ejabberd/ejabberd.yml index 11e4c57..86d9857 100644 --- a/terminaldweller.com/ejabberd/ejabberd.yml +++ b/terminaldweller.com/ejabberd/ejabberd.yml @@ -15,7 +15,7 @@ define_macro: - "no_sslv2" - "no_sslv3" - "no_tlsv1" - - "no_tlsv1_3" + - "no_tlsv1_1" - "cipher_server_preference" - "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA" - "no_compression" @@ -28,8 +28,8 @@ s2s_ciphers: 'TLS_CIPHERS' c2s_protocol_options: 'TLS_OPTIONS' s2s_protocol_options: 'TLS_OPTIONS' certfiles: - - /usr/local/etc/self_signed/ej2.pem - #- '/opt/ejabberd/certs/ejabberd.pem' + # - /usr/local/etc/self_signed/ej2.pem + - /opt/ejabberd/certs/ejabberd.pem #- '/var/lib/ejabberd/acme/fullchain1.pem' #- '/var/lib/ejabberd/acme/chain1.pem' #- '/var/lib/ejabberd/acme/cert1.pem' diff --git a/terminaldweller.com/haproxy/haproxy.cfg b/terminaldweller.com/haproxy/haproxy.cfg index b21026d..825b2b3 100644 --- a/terminaldweller.com/haproxy/haproxy.cfg +++ b/terminaldweller.com/haproxy/haproxy.cfg @@ -120,8 +120,9 @@ frontend https # use_backend chat-backend-c2s if chat-host-s frontend jabbber5222 bind *:5222 - mode http - acl chat-host hdr_sub(host) -i chat.terminaldweller.com + timeout client 60s + mode tcp + acl chat-host req.ssl_sni -i chat.terminaldweller.com use_backend chat-backend-c2s if chat-host frontend jabber5223 bind *:5223 @@ -296,9 +297,8 @@ backend chat-backend-s option ssl-hello-chk server chat-host 130.185.121.80:5443 backend chat-backend-c2s - #mode tcp - mode http - option forwardfor + mode tcp + option ssl-hello-chk server chat-host 130.185.121.80:5222 backend chat-auth-backend-s mode tcp |