v3.11.0 (#211)

- PHP 7.4 support - Improved Webp images support with Cloudflare (Issue [#95](https://github.com/WordOps/WordOps/issues/95)). Nginx will not serve webp images alternative with Cloudflare IP ranges. - Stack upgrade for adminer - Check acme.sh installation and setup acme.sh if needed before issuing certificate - Add `--ufw` to `wo stack status` - Add Nginx directive `gzip_static on;` to serve precompressed assets with Cache-Enabler or WP-Rocket. (Issue [#207](https://github.com/WordOps/WordOps/issues/207)) - Previous `--php73` & `--php73=off` flags are replaced by `--php72`, `--php73`, `--php74` to switch site's php version - phpMyAdmin updated to v4.9.2 - Adminer updated to v4.7.5 - Replace dot and dashes by underscores in database names (Issue [#206](https://github.com/WordOps/WordOps/issues/206)) - Increased database name length to 32 characters from domain name + 8 random characters - typo error in motd-news script (Issue [#204](https://github.com/WordOps/WordOps/issues/204)) - Install Nginx before ngxblocker - WordOps install/update script text color - Issue with MySQL stack on Raspbian 9/10 - Typo error (PR [#205](https://github.com/WordOps/WordOps/pull/205)) - php version in `wo debug` (PR [#209](https://github.com/WordOps/WordOps/pull/209)) - SSL certificates expiration display with shared wildcard certificates
2019-12-03 19:48:18 +01:00
parent 63d2acf7ba
commit 01ee8c0a13
72 changed files with 3222 additions and 2521 deletions
--- a/wo/cli/templates/nginx-core.mustache
+++ b/wo/cli/templates/nginx-core.mustache
@@ -16,7 +16,7 @@ events {

 http {
 	##
-	# WordOps Settings
+	# WordOps Settings - WordOps {{release}}
 	##

 	keepalive_timeout 8;
@@ -51,17 +51,18 @@ http {
 	# SSL Settings
 	##

+	# Enable 0-RTT support for TLS 1.3
+	proxy_set_header Early-Data $ssl_early_data;
+	ssl_early_data on;
+
 	ssl_session_timeout 1d;
 	ssl_session_cache shared:SSL:50m;
 	ssl_session_tickets off;
 	ssl_prefer_server_ciphers on;
-	ssl_early_data on;
-	{{#tls13}}ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
-	ssl_protocols TLSv1.2 TLSv1.3;{{/tls13}}
+	ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
+	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_ecdh_curve X25519:P-521:P-384:P-256;
-	{{^tls13}}# Previous TLS v1.2 configuration
-	ssl_protocols TLSv1.2;
-	ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;{{/tls13}}
+

 	# Common security headers
 	more_set_headers "X-Frame-Options : SAMEORIGIN";