Apply fixes from v2

Author: jc21

docker/rootfs/etc/nginx/conf.d/default.conf

@@ -16,6 +16,7 @@ server {
 server {
 	listen 443 ssl default;
 	server_name localhost;
+	include conf.d/include/ssl-ciphers.conf;
 	include conf.d/include/block-exploits.conf;
 	access_log /data/logs/default.log proxy;
 	ssl_reject_handshake on;

docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf

@@ -3,7 +3,5 @@ ssl_session_cache shared:SSL:50m;
 
 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers 'EECDH+AESGCM:AES256+EECDH:AES256+EDH:EDH+AESGCM:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-
-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AE
-S128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES';
-ssl_prefer_server_ciphers on;
+ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+ssl_prefer_server_ciphers off;

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv46.sh

@@ -32,7 +32,7 @@ process_folder () {
 	for FILE in $FILES
 	do
 		echo "  - ${FILE}"
-		sed -E -i "$SED_REGEX" "$FILE" || true
+		echo "$(sed -E "$SED_REGEX" "$FILE")" > $FILE
 	done
 
 	# IPV6 ...
@@ -47,7 +47,7 @@ process_folder () {
 	for FILE in $FILES
 	do
 		echo "  - ${FILE}"
-		sed -E -i "$SED_REGEX" "$FILE" || true
+		echo "$(sed -E "$SED_REGEX" "$FILE")" > $FILE
 	done
 
 	# ensure the files are still owned by the npm user