1efb13abf9
- Updated to 1.27.4 * https://nginx.org/en/CHANGES * Fixed insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different virtual server, to bypass client SSL certificates verification (CVE-2025-23419). * Added the "ssl_object_cache_inheritable", "ssl_certificate_cache", "proxy_ssl_certificate_cache", "grpc_ssl_certificate_cache", and "uwsgi_ssl_certificate_cache", "keepalive_min_timeout" directives. * Fixed nginx could not build libatomic library using the library sources if the --with-libatomic=DIR option was used. OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=278
32 lines
802 B
Desktop File
32 lines
802 B
Desktop File
[Unit]
|
|
Description=The nginx HTTP and reverse proxy server
|
|
After=network-online.target remote-fs.target nss-lookup.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
RuntimeDirectory=nginx
|
|
PIDFile=/run/nginx.pid
|
|
ExecStartPre=/usr/sbin/nginx -t
|
|
ExecStart=/usr/sbin/nginx -g "daemon off;"
|
|
ExecReload=/bin/kill -s HUP $MAINPID
|
|
KillSignal=SIGQUIT
|
|
TimeoutStopSec=5
|
|
KillMode=mixed
|
|
PrivateTmp=true
|
|
# added automatically, for details please see
|
|
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
ProtectSystem=full
|
|
ProtectHome=read-only
|
|
PrivateDevices=true
|
|
ProtectHostname=true
|
|
ProtectClock=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelLogs=true
|
|
ProtectControlGroups=true
|
|
RestrictRealtime=true
|
|
# end of automatic additions
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|