tls 1.3 fixes (#58)

Author: enoch85

static/nginx.conf

@@ -0,0 +1,126 @@
+user www-data;
+worker_processes 2;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+	worker_rlimit_nofile 10240;
+
+events {
+        worker_connections 10240;
+        multi_accept on;
+        use epoll;
+}
+
+http {
+
+# GEO IP BLOCK DOMAIN
+geoip_country /usr/share/GeoIP/GeoIP.dat;
+  map $geoip_country_code $allowed_country {
+   default yes;
+    CN no; #China
+#    RU no; #Russia
+#    HK no; #Hong Kong
+#    IN no; #India
+#    IR no; #Iran
+#    VN no; #Vietnam
+#    TR no; #Turkey
+#    EG no; #Egypt
+#    MX no; #Mexico
+#    JP no; #Japan
+#    KR no; #South Korea
+#    KP no; #North Korea :)
+#    PE no; #Peru
+#    BR no; #Brazil
+#    UA no; #Ukraine
+#    ID no; #Indonesia
+#    TH no; #Thailand
+  }
+  
+# To activate GEO BLOCK, add this in the default conf:
+# COUNTRY GEO BLOCK
+#        if ($allowed_country = no) {
+#                return 444;
+#        }
+  
+
+	##
+	# Basic Settings
+	##
+
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_timeout 65;
+        types_hash_max_size 2048;
+        server_tokens off;
+        client_body_timeout   10;
+        client_header_timeout 10;
+        client_header_buffer_size 128;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+  ssl_early_data on;
+	ssl_protocols TLSv1.2 TLSv1.3;
+	ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+	ssl_prefer_server_ciphers on;
+
+
+	
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+        gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	  gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+# 
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+# 
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+# 
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}

wordpress_install.sh

@@ -113,6 +113,10 @@ fi
 # Update system
 apt update -q4 & spinner_loading
 
+# Install dependencies for GEO-block in Nginx
+install_if_not geoip-database
+install_if_not libgeoip1
+
 # Write MARIADB pass to file and keep it safe
 {
 echo "[client]"
@@ -165,12 +169,17 @@ run_static_script new_etc_mycnf
 apt install open-vm-tools -y
 
 # Install Nginx
+check_command yes | add-apt-repository ppa:nginx/stable
 apt update -q4 && spinner_loading
-check_command apt install nginx -y
+install_if_not nginx
 sudo systemctl stop nginx.service
 sudo systemctl start nginx.service
 sudo systemctl enable nginx.service
 
+# Download TLSv 1.3 modified nginx.conf
+rm -f /etc/nginx/nginx.conf
+check_command wget -q $STATIC/nginx.conf -P /etc/nginx/
+
 # Install PHP 7.2
 apt install -y \
         php \