From 9433ad997fe20327f85610d123971d1fd8b2860d Mon Sep 17 00:00:00 2001 From: Matthew R Date: Sat, 28 Mar 2020 18:16:27 -0400 Subject: [PATCH] small changes to nginx default config file --- src/static/nginx.conf | 46 +++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/src/static/nginx.conf b/src/static/nginx.conf index 8e85df4..327a416 100644 --- a/src/static/nginx.conf +++ b/src/static/nginx.conf @@ -3,40 +3,40 @@ server { listen [::]:443 ssl http2; server_name [DOMAIN]; -ssl_certificate [CERTIFICATE]; -ssl_certificate_key [KEY]; + ssl_certificate [CERTIFICATE]; + ssl_certificate_key [KEY]; -ssl_session_cache builtin:1000 shared:SSL:10m; -include /etc/nginx/error/502; -include /etc/nginx/error/504; -include /etc/nginx/error/500; -include /etc/nginx/error/404; -include /etc/nginx/error/429; -ssl_protocols TLSv1.2 TLSv1.3; + ssl_session_cache builtin:1000 shared:SSL:10m; + include /etc/nginx/error/502; + include /etc/nginx/error/504; + include /etc/nginx/error/500; + include /etc/nginx/error/404; + include /etc/nginx/error/429; + ssl_protocols TLSv1.2 TLSv1.3; -ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; -ssl_prefer_server_ciphers on; + ssl_prefer_server_ciphers on; -ssl_stapling on; -ssl_stapling_verify on; + ssl_stapling on; + ssl_stapling_verify on; -limit_req zone=one burst=5; - location / { + limit_req zone=one burst=15; + location / { -proxy_set_header Host $host; + proxy_set_header Host $host; -proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto $scheme; -proxy_pass http://localhost:[PORT]; + proxy_pass http://localhost:[PORT]; -proxy_read_timeout 90; + proxy_read_timeout 90; -proxy_redirect http://localhost:[PORT] https://[DOMAIN]; + proxy_redirect http://localhost:[PORT] https://[DOMAIN]; } -} \ No newline at end of file +}