Bump nginx configs (tcp_nodelay, TLSv1.3)
parent
28a70e878e
commit
076786f482
@ -15,6 +15,7 @@ http {
|
||||
server_tokens off;
|
||||
client_max_body_size 100m;
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
send_timeout 300;
|
||||
|
||||
server {
|
||||
|
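Review bot: `tcp_nodelay on;` is already nginx's default, so the directive in this `http` block changes no behaviour. If it is kept for explicitness, a short comment such as `# explicit; same as the nginx default` would stop a later reader from assuming it is a tuning change. The same applies to the other nginx hunks on this page that carry the line. The +/- markers are lost in this rendering, so treating `tcp_nodelay` as the added line is taken from the commit title.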
@ -15,6 +15,7 @@ http {
|
||||
server_tokens off;
|
||||
client_max_body_size 100m;
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
send_timeout 300;
|
||||
|
||||
passenger_root /usr/local/lib/ruby/gems/2.6.0/gems/passenger-6.0.4;
|
||||
|
@ -15,6 +15,8 @@ http {
|
||||
server_tokens off;
|
||||
client_max_body_size 100m;
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
send_timeout 300;
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
|
@ -15,6 +15,8 @@ http {
|
||||
server_tokens off;
|
||||
client_max_body_size 100m;
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
send_timeout 300;
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
|
@ -15,6 +15,7 @@ http {
|
||||
server_tokens off;
|
||||
client_max_body_size 100m;
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
send_timeout 300;
|
||||
|
||||
server {
|
||||
|
@ -15,6 +15,8 @@ http {
|
||||
server_tokens off;
|
||||
client_max_body_size 100m;
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
send_timeout 300;
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
|
@ -15,6 +15,8 @@ http {
|
||||
server_tokens off;
|
||||
client_max_body_size 100m;
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
send_timeout 300;
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
|
2
vm.sh
2
vm.sh
@ -88,7 +88,7 @@ chroot /mnt setup-timezone -z Europe/Prague
|
||||
apk --no-cache add apache2-utils gettext
|
||||
wget https://repo.spotter.cz/vm.tar -O - | tar xf - -C /mnt
|
||||
envsubst </mnt/boot/extlinux.conf.old >/mnt/boot/extlinux.conf
|
||||
chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc libressl logrotate postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt wireguard-tools-wg acme-sh@vm spoc@vm vmmgr@vm
|
||||
chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc logrotate postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt wireguard-tools-wg acme-sh@vm spoc@vm vmmgr@vm
|
||||
chroot /mnt newaliases
|
||||
for SERVICE in consolefont crond iptables networking nginx ntpd postfix spoc swap urandom vmmgr; do
|
||||
ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
|
||||
|
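Review bot: The context line `wget https://repo.spotter.cz/vm.tar -O - | tar xf - -C /mnt` unpacks a remote archive straight into the new root filesystem with only the TLS connection vouching for its content, and the commit leaves that as is. Downloading to a file and checking a pinned digest before extraction, e.g. `echo "<SHA256_PLACEHOLDER>  /tmp/vm.tar" | sha256sum -c -`, would make a tampered archive fail the install instead of landing in /mnt. On the changed line, dropping `libressl` from the package list is only safe if no later provisioning step calls that CLI. None is visible in this hunk, so it is worth a grep before merge.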
@ -3,5 +3,5 @@
|
||||
:INPUT ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
[0:0] -A POSTROUTING -o spocbr0 -j MASQUERADE
|
||||
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
COMMIT
|
||||
|
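Review bot: The `-A POSTROUTING -o eth0 -j MASQUERADE` rule has no source match, so every forwarded packet leaving eth0 is rewritten to the host address, not only traffic from the container bridge. Restricting it, e.g. `-A POSTROUTING -s <BRIDGE_SUBNET_PLACEHOLDER> -o eth0 -j MASQUERADE`, keeps NAT scoped to the network it is meant for. The rule also hard-codes the uplink interface name, which should be confirmed for every target VM. The +/- markers are lost in this rendering, so treating the eth0 line as the new side is an assumption.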
@ -15,15 +15,17 @@ http {
|
||||
server_tokens off;
|
||||
client_max_body_size 100m;
|
||||
sendfile on;
|
||||
tcp_nodelay on;
|
||||
gzip_vary on;
|
||||
charset utf-8;
|
||||
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_protocols TLSv1.3;
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_certificate /etc/ssl/services.pem;
|
||||
ssl_certificate_key /etc/ssl/services.key;
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
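Review bot: `ssl_protocols TLSv1.3;` leaves no fallback, so any client or monitoring probe without TLS 1.3 fails the handshake. nginx also only honours the parameter when linked against a TLS library that implements 1.3 (OpenSSL 1.1.1 or later); the page does not show which library this nginx build uses, so check `nginx -V` before rollout. If TLS 1.3-only is intended, a comment above the directive such as `# TLS 1.3 only by design; ssl_ciphers omitted because it does not select TLS 1.3 suites` would stop a later edit from re-adding `TLSv1.2` without a cipher list. If 1.2 is ever re-enabled, it should come with an AEAD-only `ssl_ciphers` line rather than the old list, which still contained the CBC suites `ECDHE-*-AES256-SHA384` and `ECDHE-*-AES128-SHA256`. The +/- markers are lost in this rendering, so treating `TLSv1.3` and `ssl_prefer_server_ciphers off` as the new side follows the commit title.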