diff --git a/basic/etc/conf.d/consolefont b/basic/etc/conf.d/consolefont index 03753e1..647a42b 100644 --- a/basic/etc/conf.d/consolefont +++ b/basic/etc/conf.d/consolefont @@ -1,11 +1,2 @@ -# The consolefont service is not activated by default. If you need to -# use it, you should run "rc-update add consolefont boot" as root. -# -# consolefont specifies the default font that you'd like Linux to use on the -# console. You can find a good selection of fonts in /usr/share/consolefonts; consolefont="lat2-sun16.psfu.gz" - -# consoletranslation is the charset map file to use. Leave commented to use -# the default one. Have a look in /usr/share/consoletrans for a selection of -# map files you can use. consoletranslation="8859-2_to_uni.trans" diff --git a/basic/etc/nginx/nginx.conf b/basic/etc/nginx/nginx.conf index 48123f6..3b52ac1 100644 --- a/basic/etc/nginx/nginx.conf +++ b/basic/etc/nginx/nginx.conf @@ -1,98 +1,33 @@ -# /etc/nginx/nginx.conf - user nginx; - -# Set number of worker processes automatically based on number of CPU cores. worker_processes auto; - -# Enables the use of JIT for regular expressions to speed-up their processing. pcre_jit on; - -# Configures default error logger. error_log /var/log/nginx/error.log warn; - -# Includes files with directives to load dynamic modules. include /etc/nginx/modules/*.conf; - events { - # The maximum number of simultaneous connections that can be opened by - # a worker process. worker_connections 1024; } http { - # Includes mapping of file name extensions to MIME types of responses - # and defines the default type. include /etc/nginx/mime.types; default_type application/octet-stream; - # Name servers used to resolve names of upstream servers into addresses. - # It's also needed when using tcpsocket and udpsocket in Lua modules. - #resolver 208.67.222.222 208.67.220.220; - - # Don't tell nginx version to clients. server_tokens off; - - # Specifies the maximum accepted body size of a client request, as - # indicated by the request header Content-Length. If the stated content - # length is greater than this size, then the client receives the HTTP - # error code 413. Set to 0 to disable. client_max_body_size 100m; - - # Timeout for keep-alive connections. Server will close connections after - # this time. keepalive_timeout 65; - - # Sendfile copies data between one FD and other from within the kernel, - # which is more efficient than read() + write(). sendfile on; - - # Don't buffer data-sends (disable Nagle algorithm). - # Good for sending frequent small bursts of data in real time. tcp_nodelay on; - - # Causes nginx to attempt to send its HTTP response head in one packet, - # instead of using partial frames. - #tcp_nopush on; - - - # Path of the file with Diffie-Hellman parameters for EDH ciphers. - #ssl_dhparam /etc/ssl/nginx/dh2048.pem; - - # Specifies that our cipher suits should be preferred over client ciphers. - ssl_prefer_server_ciphers on; - - # Enables a shared SSL cache with size that can hold around 4000 sessions. - ssl_session_cache shared:SSL:1m; - - # Set SSL certificate - ssl_certificate /etc/ssl/certs/services.pem; - ssl_certificate_key /etc/ssl/private/services.key; - - # Set SSL protocols and ciphers - ssl_protocols TLSv1.2; - ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; - - # Enable gzipping of responses. - #gzip on; - - # Set the Vary HTTP header as defined in the RFC 2616. gzip_vary on; - # Enable checking the existence of precompressed files. - #gzip_static on; + ssl_protocols TLSv1.2; + ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; + ssl_prefer_server_ciphers on; + ssl_certificate /etc/ssl/certs/services.pem; + ssl_certificate_key /etc/ssl/private/services.key; + ssl_session_cache shared:SSL:1m; - - # Specifies the main log format. - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - # Sets the path, format, and configuration for a buffered log write. + log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; - - # Includes virtual hosts configs. include /etc/nginx/conf.d/*.conf; }