Revert "Merge branch 'fix/nginx-ssl-sni' into staging/fixes"

Kristan Kenney · Kristan Kenney · commit b1a22f993b7a · 2020-11-03T17:58:34.000-04:00
This reverts commit 86b06ef.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,12 +21,12 @@ All notable changes to this project will be documented in this file.
 - Fixed an issue where a `no backend template doesn't exist` could potentially would appear after upgrade with older templates (#1322).
 - Introduced caching templates for nginx + php-fpm configurations  - thanks **@cmstew**!
 - Fixed an issue where DNS cluster updates could fail due to the format of a DKIM record in an available zone - thanks **@jrohde**!
-- Improved the behavior of nginx SSL SNI detection to reject connections for domains which have no SSL certificate - thanks **@myrevery**! 
 - Improved the quality of comment formatting in command line scripts - thanks **@bisubus**! 
 - Fixed an issue where the logo was not displayed in the File Manager - thanks **@robothemes**!
 - Fixed an issue in the Control Panel UI which caused databases and additional FTP accounts to be named incorrectly if manually prefaced with the username.
 - Improved the visibility of service availability in the Control Panel UI.
 
+
 ## [1.3.0] - Major Release (Feature / Quality Update)
 ### Features
 - Users can now choose to point a domain to a different document root location (similar to domain parking).
diff --git a/install/deb/nginx/unassigned.inc b/install/deb/nginx/unassigned.inc
@@ -37,7 +37,6 @@ server {
     server_name _;
     ssl_certificate      /usr/local/hestia/ssl/certificate.crt;
     ssl_certificate_key  /usr/local/hestia/ssl/certificate.key;
-    ssl_reject_handshake on;
 
     return 301 http://$host$request_uri;
 
diff --git a/install/deb/templates/web/nginx/proxy_ip.tpl b/install/deb/templates/web/nginx/proxy_ip.tpl
@@ -13,11 +13,10 @@ server {
 }
 
 server {
-    listen      %ip%:%proxy_ssl_port% ssl http2 default;
+    listen      %ip%:%proxy_ssl_port% ssl http2;
     server_name _;
     ssl_certificate      /usr/local/hestia/ssl/certificate.crt;
     ssl_certificate_key  /usr/local/hestia/ssl/certificate.key;
-    ssl_reject_handshake on;
 
     return 301 http://$host$request_uri;
 
diff --git a/install/upgrade/versions/1.3.1.sh b/install/upgrade/versions/1.3.1.sh
@@ -5,14 +5,3 @@
 #######################################################################################
 #######                      Place additional commands below.                   #######
 #######################################################################################
-
-# Update nginx configuration to block connections for unsigned (no SSL certificate) domains
-for ipaddr in $(ls /usr/local/hestia/data/ips/ 2>/dev/null); do
-    web_conf="/etc/$PROXY_SYSTEM/conf.d/$ipaddr.conf"
-
-    if [ "$PROXY_SYSTEM" = "nginx" ]; then
-        echo "[ * ] Hardening nginx SSL SNI configuration..."
-        cp -f $HESTIA_INSTALL_DIR/nginx/unassigned.inc $web_conf
-        sed -i 's/directIP/'$ipaddr'/g' $web_conf
-    fi
-done
