]> git.pld-linux.org Git - packages/nginx.git/blobdiff - nginx.conf
projects / packages / nginx.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- up to 1.16.1; fixes CVE-2019-9511, CVE-2019-9513,
[packages/nginx.git] / nginx.conf
diff --git a/nginx.conf b/nginx.conf
index f62e6d2cf4654affe32504cd59f43176bed438c4..701b61d6b9d98cf9220e968bfd0f4a6fd8e24b29 100644 (file)
--- a/nginx.conf
+++ b/nginx.conf
@@ -16,8 +16,8 @@ events {
 }
 
 http {
-       log_format main '$remote_addr - $remote_user [$time_local] $request '
-                       '"$status" $body_bytes_sent "$http_referer" '
+       log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                       '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
 
@@ -56,9 +56,10 @@ http {
                # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
                #ssl_dhparam /etc/nginx/dhparam.pem;
 
-               # intermediate configuration. tweak to your needs.
-               #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-               #ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+               # modern tweak to your needs.
+               # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.1.1&hsts=yes&profile=modern
+               #ssl_protocols TLSv1.2 TLSv1.3;
+               #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
                #ssl_prefer_server_ciphers on;
 
                # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
@@ -72,7 +73,6 @@ http {
                # verify chain of trust of OCSP response using Root CA and Intermediate certs
                #ssl_trusted_certificate /etc/nginx/ca.crt;
 
-               server_name     localhost;
                access_log      /var/log/nginx/access.log main;
 
                location / {
High perfomance HTTP and reverse proxy server
This page took 0.051642 seconds and 4 git commands to generate.