diff --git a/files/nginx/conf/000-default.conf b/files/nginx/conf/000-default.conf index 723be82..e3271cc 100644 --- a/files/nginx/conf/000-default.conf +++ b/files/nginx/conf/000-default.conf @@ -33,44 +33,44 @@ server { } } -# server { +server { -# listen 443 ssl default_server; -# listen [::]:443 ssl default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; -# server_name _; + server_name _; -# http2 on; + http2 on; -# ssl_certificate /etc/nginx/certs/mpp/fullchain.pem; -# ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem; -# ssl_protocols TLSv1.2 TLSv1.3; -# ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM'; -# ssl_prefer_server_ciphers on; -# ssl_session_cache shared:SSL:20m; -# ssl_session_timeout 180m; + ssl_certificate /etc/nginx/certs/mpp/fullchain.pem; + ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:20m; + ssl_session_timeout 180m; -# ssl_stapling on; -# ssl_stapling_verify on; -# ssl_trusted_certificate /etc/nginx/certs/mpp/chain.pem; + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/nginx/certs/mpp/chain.pem; -# expires off; -# etag off; -# if_modified_since off; + expires off; + etag off; + if_modified_since off; -# gzip on; -# gzip_min_length 1000; -# gzip_proxied any; -# gzip_types *; -# gunzip on; + gzip on; + gzip_min_length 1000; + gzip_proxied any; + gzip_types *; + gunzip on; -# location / { -# root /usr/share/nginx/html; -# index index.html index.htm; -# } + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } -# if ($request_method !~ ^(GET|HEAD|POST)$ ) -# { -# return 405; -# } -# } + if ($request_method !~ ^(GET|HEAD|POST)$ ) + { + return 405; + } +}