Disassembler/Spotter-VM
1
0
Fork 0
Code Issues 78 Pull Requests Actions Packages Projects Releases Wiki Activity

Bump nginx configs (tcp_nodelay, TLSv1.3)

Browse Source
This commit is contained in:
Disassembler 2020-02-07 18:27:15 +01:00
parent 28a70e878e
commit 076786f482
Signed by: Disassembler
GPG Key ID: 524BD33A0EE29499
10 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lxc-apps/cts/lxc/etc/nginx/nginx.conf
View File

@ -15,6 +15,7 @@ http {
server_tokens off; server_tokens off;
client_max_body_size 100m; client_max_body_size 100m;
sendfile on; sendfile on;
tcp_nodelay on;
send_timeout 300; send_timeout 300;
server { server {

1
lxc-apps/decidim/lxc/etc/nginx/nginx.conf
View File

@ -15,6 +15,7 @@ http {
server_tokens off; server_tokens off;
client_max_body_size 100m; client_max_body_size 100m;
sendfile on; sendfile on;
tcp_nodelay on;
send_timeout 300; send_timeout 300;
passenger_root /usr/local/lib/ruby/gems/2.6.0/gems/passenger-6.0.4; passenger_root /usr/local/lib/ruby/gems/2.6.0/gems/passenger-6.0.4;

2
lxc-apps/ecogis/lxc/etc/nginx/nginx.conf
View File

@ -15,6 +15,8 @@ http {
server_tokens off; server_tokens off;
client_max_body_size 100m; client_max_body_size 100m;
sendfile on; sendfile on;
tcp_nodelay on;
send_timeout 300;
server { server {
listen 8080; listen 8080;

2
lxc-apps/kanboard/lxc/etc/nginx/nginx.conf
View File

@ -15,6 +15,8 @@ http {
server_tokens off; server_tokens off;
client_max_body_size 100m; client_max_body_size 100m;
sendfile on; sendfile on;
tcp_nodelay on;
send_timeout 300;
server { server {
listen 8080; listen 8080;

1
lxc-apps/pandora/lxc/etc/nginx/nginx.conf
View File

@ -15,6 +15,7 @@ http {
server_tokens off; server_tokens off;
client_max_body_size 100m; client_max_body_size 100m;
sendfile on; sendfile on;
tcp_nodelay on;
send_timeout 300; send_timeout 300;
server { server {

2
lxc-apps/seeddms/lxc/etc/nginx/nginx.conf
View File

@ -15,6 +15,8 @@ http {
server_tokens off; server_tokens off;
client_max_body_size 100m; client_max_body_size 100m;
sendfile on; sendfile on;
tcp_nodelay on;
send_timeout 300;
server { server {
listen 8080; listen 8080;

2
lxc-apps/ushahidi/lxc/etc/nginx/nginx.conf
View File

@ -15,6 +15,8 @@ http {
server_tokens off; server_tokens off;
client_max_body_size 100m; client_max_body_size 100m;
sendfile on; sendfile on;
tcp_nodelay on;
send_timeout 300;
server { server {
listen 8080; listen 8080;

2
vm.sh
View File

@ -88,7 +88,7 @@ chroot /mnt setup-timezone -z Europe/Prague
apk --no-cache add apache2-utils gettext apk --no-cache add apache2-utils gettext
wget https://repo.spotter.cz/vm.tar -O - | tar xf - -C /mnt wget https://repo.spotter.cz/vm.tar -O - | tar xf - -C /mnt
envsubst </mnt/boot/extlinux.conf.old >/mnt/boot/extlinux.conf envsubst </mnt/boot/extlinux.conf.old >/mnt/boot/extlinux.conf
chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc libressl logrotate postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt wireguard-tools-wg acme-sh@vm spoc@vm vmmgr@vm chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc logrotate postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt wireguard-tools-wg acme-sh@vm spoc@vm vmmgr@vm
chroot /mnt newaliases chroot /mnt newaliases
for SERVICE in consolefont crond iptables networking nginx ntpd postfix spoc swap urandom vmmgr; do for SERVICE in consolefont crond iptables networking nginx ntpd postfix spoc swap urandom vmmgr; do
ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot

2
vm/etc/iptables/rules-save
View File

@ -3,5 +3,5 @@
:INPUT ACCEPT [0:0] :INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0]
[0:0] -A POSTROUTING -o spocbr0 -j MASQUERADE [0:0] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT COMMIT

8
vm/etc/nginx/nginx.conf
View File

@ -15,15 +15,17 @@ http {
server_tokens off; server_tokens off;
client_max_body_size 100m; client_max_body_size 100m;
sendfile on; sendfile on;
tcp_nodelay on;
gzip_vary on; gzip_vary on;
charset utf-8; charset utf-8;
ssl_protocols TLSv1.2; ssl_protocols TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; ssl_prefer_server_ciphers off;
ssl_prefer_server_ciphers on;
ssl_certificate /etc/ssl/services.pem; ssl_certificate /etc/ssl/services.pem;
ssl_certificate_key /etc/ssl/services.key; ssl_certificate_key /etc/ssl/services.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:1m; ssl_session_cache shared:SSL:1m;
ssl_session_tickets off;
log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'; log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main; access_log /var/log/nginx/access.log main;