Was just about to ask the same thing.
Whilst you may have decided to hard code it then really it requires change.
TLS 1.1 should not be enabled by default
Weak ciphers
various security headers missing
Standard nginx conf file has all the settings to adjust which you placed elsewhere. panelSite.py ?
Should be like this. TLS1.2 and 1.3 with backward compatibility ciphers which users can change to stronger if required.
ssl_protocols TLSv1.2 TLSv1.3
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH: DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384: DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA: DHE-RSA-AES256-SHA256: DHE-RSA-AES128-SHA256: DHE-RSA-AES256-SHA: DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA: DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
recommended headers to add
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header UserDir Disabled;
add_header ServerSignature Off;
add_header ServerTokens Prod;
add_header Referrer-Policy strict-origin-when-cross-origin;
Presently the panel and sites would all fail PCI compliance.