From 93b3fd51d8599e06188f77cf241ecc871a977a10 Mon Sep 17 00:00:00 2001
From: zhengkunwang223 <1paneldev@sina.com>
Date: Fri, 2 May 2025 19:26:06 +0800
Subject: [PATCH] feat: add openresty default ssl config

---
 openresty/1.27.1.2-0-1-focal/conf/ssl/root_ssl.conf | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 openresty/1.27.1.2-0-1-focal/conf/ssl/root_ssl.conf

diff --git a/openresty/1.27.1.2-0-1-focal/conf/ssl/root_ssl.conf b/openresty/1.27.1.2-0-1-focal/conf/ssl/root_ssl.conf
new file mode 100644
index 000000000..0fe8653d8
--- /dev/null
+++ b/openresty/1.27.1.2-0-1-focal/conf/ssl/root_ssl.conf
@@ -0,0 +1,8 @@
+ssl_certificate    /usr/local/openresty/nginx/conf/ssl/fullchain.pem;
+ssl_certificate_key    /usr/local/openresty/nginx/conf/ssl/privkey.pem;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED;
+ssl_prefer_server_ciphers off;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
+add_header Strict-Transport-Security "max-age=31536000";
\ No newline at end of file