Update 000-default.conf

This commit is contained in:
Matte 2024-04-18 18:01:32 +03:00
parent dd1d4140ef
commit ae1c3587f9

View File

@ -33,44 +33,44 @@ server {
} }
} }
server { # server {
listen 443 ssl default_server; # listen 443 ssl default_server;
listen [::]:443 ssl default_server; # listen [::]:443 ssl default_server;
server_name _; # server_name _;
http2 on; # http2 on;
ssl_certificate /etc/nginx/certs/mpp/fullchain.pem; # ssl_certificate /etc/nginx/certs/mpp/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem; # ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3; # ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM'; # ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM';
ssl_prefer_server_ciphers on; # ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m; # ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m; # ssl_session_timeout 180m;
ssl_stapling on; # ssl_stapling on;
ssl_stapling_verify on; # ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/mpp/chain.pem; # ssl_trusted_certificate /etc/nginx/certs/mpp/chain.pem;
expires off; # expires off;
etag off; # etag off;
if_modified_since off; # if_modified_since off;
gzip on; # gzip on;
gzip_min_length 1000; # gzip_min_length 1000;
gzip_proxied any; # gzip_proxied any;
gzip_types *; # gzip_types *;
gunzip on; # gunzip on;
location / { # location / {
root /usr/share/nginx/html; # root /usr/share/nginx/html;
index index.html index.htm; # index index.html index.htm;
} # }
if ($request_method !~ ^(GET|HEAD|POST)$ ) # if ($request_method !~ ^(GET|HEAD|POST)$ )
{ # {
return 405; # return 405;
} # }
} # }