danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Replace debian stock nginx with custom optimized nginx

Browse Source
This commit is contained in:
Daniel Winzen
2019-09-02 19:45:09 +02:00
parent df4c4275c7
commit 0b61a38c26
6 changed files with 41 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
etc/nginx/nginx.conf
View File

@ -1,7 +1,6 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
pcre_jit on;
worker_rlimit_nofile 30000;
@ -76,8 +75,6 @@ http {
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
@ -85,6 +82,9 @@ http {
# gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
brotli on;
brotli_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
fastcgi_index index.php;
fastcgi_read_timeout 30m;
fastcgi_max_temp_file_size 0;
@ -94,6 +94,17 @@ http {
fastcgi_cache_path /tmp/nginx/ levels=2 keys_zone=fcache:5m inactive=1h max_size=1G;
fastcgi_cache_key $host$request_uri;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve X448:X25519:secp521r1:secp384r1:prime256v1;
ssl_ciphers HIGH:!PSK:!RSA:!aNULL:!MD5:!SHA:!CAMELLIA:!AES+SHA256:!AES+SHA384;
ssl_session_cache shared:SSL:10m;
ssl_stapling on;
ssl_stapling_verify on;
# ssl_certificate /etc/acme.sh/hosting.danwin1210.me_ecc/fullchain.cer;
# ssl_certificate_key /etc/acme.sh/hosting.danwin1210.me_ecc/hosting.danwin1210.me.key;
# ssl_dhparam /etc/nginx/dh4096.pem;
##
# Virtual Host Configs
##