...
If PhixFlow users encounter problems loading files into PhixFlow, you may need to further increase this setting. Only authenticated users are able to trigger a file upload, and even then only certain users will have access to functions that cause a file upload. Even in an instance of PhixFlow that is available through the public internet, general users who are not authenticated on PhixFlow are not able to upload arbitrary files into PhixFlow.
Upload size
150MB for NGINX file upload size? This is now needed on ops live. Have raised this as it seems very large to me. However, only authenticated users can use this function. Is there a way to have user-specific limits in NGINX? Don't see how.
Installing with apt
The instructions below are based on installation on a Debian-based distribution of Linux, and use the apt command. If you are installing on a RedHat-based distribution of Linux, the equivalent yum commands for NGINX installation are well documented on the web.
...
Code Block |
---|
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; |
...
openssl-1.1.1 and later
At version 1.1.1 OpenSSL changed the method of configuring ciphersuites for TLS1.3. This has an impact on configuration of ciphersuites in NGINX (https://trac.nginx.org/nginx/ticket/1529).
To determine if you are using OpenSSL at a version of 1.1.1 or later, take note of the version of libssl on your Linux distribution rather than openssl itself. On Debian-based distributions of Linux, you can find these packages with the command dpkg --list | grep ssl (this will probably show other ssl-related packages, but you can ignore them for this assessment).
E.g. from Ubuntu 18.04:
...
In practice on Ubuntu, for example, on 22.04 the newer version of OpenSSL is used; on 18.04, the older version.
If you aren’t sure, try the configuration in this section first. If you get an error when trying to start NGINX, try the other configuration below.
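The libssl check described above can be scripted. This is an added example, not part of the original PhixFlow instructions: the function name classify_libssl is hypothetical and the package lines in SAMPLE are constructed.

```shell
#!/bin/sh
# Added example: map installed libssl packages to the matching section of this page.
# Reads `dpkg --list` output on stdin and prints one line per installed libssl
# runtime package. Exit status is 2 when no libssl runtime package is found.
classify_libssl() {
    awk '
    # Turn an upstream version into a comparable number: 1.1.1f -> 1001001.
    # awk keeps only the leading digits of "1f", so the patch letter is ignored.
    function num(v,   p) {
        split(v, p, ".")
        return (p[1] + 0) * 1000000 + (p[2] + 0) * 1000 + (p[3] + 0)
    }
    # "ii" = installed; libssl<digit>... is the runtime library (not libssl-dev).
    $1 == "ii" && $2 ~ /^libssl[0-9]/ {
        name = $2; sub(/:.*/, "", name)        # drop ":amd64" style suffix
        ver = $3;  sub(/^[0-9]+:/, "", ver)    # drop Debian epoch
        sub(/[-+~].*/, "", ver)                # drop Debian revision
        section = (num(ver) >= 1001001) ? "openssl-1.1.1 and later" : "Before openssl-1.1.1"
        printf "%s %s -> %s\n", name, ver, section
        found = 1
    }
    END { if (!found) exit 2 }'
}

# Constructed sample of `dpkg --list | grep ssl` output (not taken from a real host).
SAMPLE='ii  libssl-dev:amd64   1.1.1f-1ubuntu2  amd64  development files
ii  libssl1.0.0:amd64  1.0.2n-1ubuntu5  amd64  shared libraries
ii  libssl1.1:amd64    1.1.1f-1ubuntu2  amd64  shared libraries
rc  libssl3:amd64      3.0.2-0ubuntu1   amd64  shared libraries
ii  openssl            1.1.1f-1ubuntu2  amd64  cryptographic utility'

printf '%s\n' "$SAMPLE" | classify_libssl
# On a live host: dpkg --list | classify_libssl
```

If more than one libssl package is listed, nginx -V shows which OpenSSL version NGINX itself was built with.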
Edit the ssl_protocols parameter to be:
Code Block |
---|
ssl_protocols TLSv1.3; |
Update the file, replacing the current line that starts with ssl_ciphers with:
Code Block |
---|
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384;
ssl_conf_command Ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256; |
Save and close the file.
Before openssl-1.1.1
Edit the ssl_protocols parameter to be:
...
Code Block |
---|
ssl_ciphers "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"; |
Save and close the file.
Restart NGINX
Run the following to reload the NGINX configuration:
...