]> git.pld-linux.org Git - packages/nginx.git/blobdiff - nginx.conf
projects / packages / nginx.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- update to current intermediate mozilla recommendation
[packages/nginx.git] / nginx.conf
diff --git a/nginx.conf b/nginx.conf
index bf85aaa880e6bfb949b615a2378fb7eabd21cde9..63f7a9ecb59aab5c4b61ba93b531039c3a19cf24 100644 (file)
--- a/nginx.conf
+++ b/nginx.conf
@@ -7,14 +7,17 @@ worker_processes auto;
 error_log /var/log/nginx/error.log;
 pid /var/run/nginx.pid;
 
+# Load dynamic modules first
+include modules.d/*.conf;
+
 events {
        worker_connections 2048;
        use epoll;
 }
 
 http {
-       log_format main '$remote_addr - $remote_user [$time_local] $request '
-                       '"$status" $body_bytes_sent "$http_referer" '
+       log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                       '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
 
@@ -53,13 +56,16 @@ http {
                # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
                #ssl_dhparam /etc/nginx/dhparam.pem;
 
-               # intermediate configuration. tweak to your needs.
-               #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-               #ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
-               #ssl_prefer_server_ciphers on;
+               # modern tweak to your needs.
+               # https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate
+
+               # intermediate configuration
+               # ssl_protocols TLSv1.2 TLSv1.3;
+               # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+               # ssl_prefer_server_ciphers off;
 
-               # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
-               #add_header Strict-Transport-Security max-age=15768000;
+               # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+               # add_header Strict-Transport-Security "max-age=63072000" always;
 
                # OCSP Stapling ---
                # fetch OCSP records from URL in ssl_certificate and cache them
@@ -69,7 +75,6 @@ http {
                # verify chain of trust of OCSP response using Root CA and Intermediate certs
                #ssl_trusted_certificate /etc/nginx/ca.crt;
 
-               server_name     localhost;
                access_log      /var/log/nginx/access.log main;
 
                location / {
High perfomance HTTP and reverse proxy server
This page took 0.326244 seconds and 4 git commands to generate.