brammp/HomeServerCTs
1
0
Fork 0
Code Issues Pull Requests Releases Activity
Files
main
HomeServerCTs/CT-Files/nginx/Configs/nginx.conf
Bram Prieshof d56e339443 CT Nginx: Disable OCSP/ssl_stapling by default 
Disableing this due to LE dropping support for it on May 7th, 2025
2025-01-28 01:41:31 +01:00

61 lines
2.0 KiB
Nginx Configuration File
Raw Permalink Blame History

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 4 4k;
server_names_hash_bucket_size 64;
root /usr/share/nginx/html;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log off;
error_log /var/log/nginx/error.log;
#Gzip
gzip on;
gzip_proxied any;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_comp_level 2;
gzip_disable "msie6";
gzip_buffers 16 8k;
#SSL
resolver 8.8.8.8;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
add_header X-Frame-Options sameorigin;
add_header X-Content-Type-Options nosniff;
add_header X-Xss-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_dhparam /etc/acmesh/certs/ssl-dhparams.pem;
#Load Other configs
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
#Server config for unconfigured domains
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
add_header Content-Type text/html;
return 200 '<html><head></head><body>Nginx is functioning normally</body></html>';
}
}
Reference in New Issue View Git Blame Copy Permalink