rwx.work/rtfd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nginx/transfer

Browse source
This commit is contained in:
Marc Beninca 2019-08-06 21:39:18 +02:00
parent e6a08cf470
commit f67bfa3365
2 changed files with 72 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
in/personal/server/index.rst
View file

@ -309,6 +309,76 @@ Prepare a grub.cfg
Web
---
Configuration
^^^^^^^^^^^^^
* /etc/nginx/nginx.conf
::
pid /run/nginx.pid;
user user;
worker_processes auto;
events {
multi_accept off;
worker_connections 512;
}
http {
# General
keepalive_timeout 60;
sendfile on;
server_tokens off;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
# Names
server_name_in_redirect off;
server_names_hash_bucket_size 128;
# File types
include mime.types;
default_type application/octet-stream;
# Security
ssl_buffer_size 8k;
ssl_ciphers "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ARIA256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256";
ssl_ecdh_curve "X448:X25519:secp521r1:secp384r1";
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_session_cache shared:ssl_session_cache:16m;
ssl_session_timeout 15m;
# Log
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Compression
gzip off;
# Misc
client_max_body_size 16m;
index index.html;
proxy_pass_request_body on;
proxy_pass_request_headers on;
proxy_redirect off;
# Includes
include sites-enabled/*;
}
Security
^^^^^^^^

70
in/public/web/nginx/configure.rst
View file

@ -1,72 +1,6 @@
*********
Configure
*********
=========
* /etc/nginx/nginx.conf
.. code::
pid /run/nginx.pid;
user user;
worker_processes auto;
events {
multi_accept off;
worker_connections 512;
}
http {
# General
keepalive_timeout 60;
sendfile on;
server_tokens off;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
# Names
server_name_in_redirect off;
server_names_hash_bucket_size 128;
# File types
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Security
ssl_buffer_size 8k;
ssl_ciphers "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ARIA256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256";
ssl_ecdh_curve "X448:X25519:secp521r1:secp384r1";
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_session_cache shared:ssl_session_cache:16m;
ssl_session_timeout 15m;
add_header Strict-Transport-Security "max-age=31557600; includeSubDomains; preload";
# Log
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Compression
gzip off;
# Misc
client_max_body_size 16m;
index index.html;
proxy_pass_request_body on;
proxy_pass_request_headers on;
proxy_redirect off;
# Includes
include /etc/nginx/sites-enabled/*;
}
.. todo:: extract from server