From 9d0e653cfa0bf706529389d48fdbd233733de997 Mon Sep 17 00:00:00 2001
From: Disassembler <disassembler@dasm.cz>
Date: Tue, 19 Dec 2017 11:05:09 +0100
Subject: [PATCH] Strip comments and reorganize nginx and consolefont config

---
 basic/etc/conf.d/consolefont |  9 ----
 basic/etc/nginx/nginx.conf   | 79 ++++--------------------------------
 2 files changed, 7 insertions(+), 81 deletions(-)

diff --git a/basic/etc/conf.d/consolefont b/basic/etc/conf.d/consolefont
index 03753e1..647a42b 100644
--- a/basic/etc/conf.d/consolefont
+++ b/basic/etc/conf.d/consolefont
@@ -1,11 +1,2 @@
-# The consolefont service is not activated by default. If you need to
-# use it, you should run "rc-update add consolefont boot" as root.
-#
-# consolefont specifies the default font that you'd like Linux to use on the
-# console.  You can find a good selection of fonts in /usr/share/consolefonts;
 consolefont="lat2-sun16.psfu.gz"
-
-# consoletranslation is the charset map file to use.  Leave commented to use
-# the default one.  Have a look in /usr/share/consoletrans for a selection of
-# map files you can use.
 consoletranslation="8859-2_to_uni.trans"
diff --git a/basic/etc/nginx/nginx.conf b/basic/etc/nginx/nginx.conf
index 48123f6..3b52ac1 100644
--- a/basic/etc/nginx/nginx.conf
+++ b/basic/etc/nginx/nginx.conf
@@ -1,98 +1,33 @@
-# /etc/nginx/nginx.conf
-
 user nginx;
-
-# Set number of worker processes automatically based on number of CPU cores.
 worker_processes auto;
-
-# Enables the use of JIT for regular expressions to speed-up their processing.
 pcre_jit on;
-
-# Configures default error logger.
 error_log /var/log/nginx/error.log warn;
-
-# Includes files with directives to load dynamic modules.
 include /etc/nginx/modules/*.conf;
 
-
 events {
-	# The maximum number of simultaneous connections that can be opened by
-	# a worker process.
 	worker_connections 1024;
 }
 
 http {
-	# Includes mapping of file name extensions to MIME types of responses
-	# and defines the default type.
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
 
-	# Name servers used to resolve names of upstream servers into addresses.
-	# It's also needed when using tcpsocket and udpsocket in Lua modules.
-	#resolver 208.67.222.222 208.67.220.220;
-
-	# Don't tell nginx version to clients.
 	server_tokens off;
-
-	# Specifies the maximum accepted body size of a client request, as
-	# indicated by the request header Content-Length. If the stated content
-	# length is greater than this size, then the client receives the HTTP
-	# error code 413. Set to 0 to disable.
 	client_max_body_size 100m;
-
-	# Timeout for keep-alive connections. Server will close connections after
-	# this time.
 	keepalive_timeout 65;
-
-	# Sendfile copies data between one FD and other from within the kernel,
-	# which is more efficient than read() + write().
 	sendfile on;
-
-	# Don't buffer data-sends (disable Nagle algorithm).
-	# Good for sending frequent small bursts of data in real time.
 	tcp_nodelay on;
-
-	# Causes nginx to attempt to send its HTTP response head in one packet,
-	# instead of using partial frames.
-	#tcp_nopush on;
-
-
-	# Path of the file with Diffie-Hellman parameters for EDH ciphers.
-	#ssl_dhparam /etc/ssl/nginx/dh2048.pem;
-
-	# Specifies that our cipher suits should be preferred over client ciphers.
-	ssl_prefer_server_ciphers on;
-
-	# Enables a shared SSL cache with size that can hold around 4000 sessions.
-	ssl_session_cache shared:SSL:1m;
-
-        # Set SSL certificate
-        ssl_certificate /etc/ssl/certs/services.pem;
-        ssl_certificate_key /etc/ssl/private/services.key;
-
-        # Set SSL protocols and ciphers
-        ssl_protocols TLSv1.2;
-        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
-
-	# Enable gzipping of responses.
-	#gzip on;
-
-	# Set the Vary HTTP header as defined in the RFC 2616.
 	gzip_vary on;
 
-	# Enable checking the existence of precompressed files.
-	#gzip_static on;
+	ssl_protocols TLSv1.2;
+	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+	ssl_prefer_server_ciphers on;
+	ssl_certificate /etc/ssl/certs/services.pem;
+	ssl_certificate_key /etc/ssl/private/services.key;
+	ssl_session_cache shared:SSL:1m;
 
-
-	# Specifies the main log format.
-	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-			'$status $body_bytes_sent "$http_referer" '
-			'"$http_user_agent" "$http_x_forwarded_for"';
-
-	# Sets the path, format, and configuration for a buffered log write.
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
 	access_log /var/log/nginx/access.log main;
 
-
-	# Includes virtual hosts configs.
 	include /etc/nginx/conf.d/*.conf;
 }