mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-12-24 11:36:31 +00:00
Update doc with SSL_POLICY values
This commit is contained in:
parent
bf16afc665
commit
35f092ca30
10
README.md
10
README.md
@ -247,10 +247,18 @@ included because the following browsers will stop working when it is removed: Ch
|
||||
IE < 11, Safari < 7, iOS < 5, Android Browser < 5.
|
||||
|
||||
If you don't require backward compatibility, you can use the [Mozilla modern profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility)
|
||||
profile instead by including the environment variable `MODERN_SSL=true` to your container.
|
||||
profile instead by including the environment variable `SSL_POLICY=Mozilla-Modern` to your container.
|
||||
This profile is compatible with clients back to Firefox 27, Chrome 30, IE 11 on Windows 7,
|
||||
Edge, Opera 17, Safari 9, Android 5.0, and Java 8.
|
||||
|
||||
Other policies available through the `SSL_POLICY` environment variable are [`Mozilla-Old`](https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility)
|
||||
and the [AWS ELB Security Policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html)
|
||||
`AWS-TLS-1-2-2017-01`, `AWS-TLS-1-1-2017-01`, `AWS-2016-08`, `AWS-2015-05`, `AWS-2015-03` and `AWS-2015-02`.
|
||||
|
||||
Note that the `Mozilla-Old` policy should use a 1024 bits DH key for compatibility but this container generates
|
||||
a 2048 bits key. The [Diffie-Hellman Groups](#diffie-hellman-groups) section details different methods of bypassing
|
||||
this, either globally or per virtual-host.
|
||||
|
||||
The default behavior for the proxy when port 80 and 443 are exposed is as follows:
|
||||
|
||||
* If a container has a usable cert, port 80 will redirect to 443 for that container so that HTTPS
|
||||
|
Loading…
Reference in New Issue
Block a user