# Per-directive join separators. Presumably the templates use these to
# collapse a list-valued directive into one nginx argument: a space for
# gzip_types / ssl_protocols, a colon for cipher and curve lists.
# NOTE(review): indentation was reconstructed from a flattened listing;
# confirm the nesting against the repository copy.
nginx_list_join:
  gzip_types: " "
  ssl_protocols: " "
  ssl_ciphers: ":"
  ssl_ecdh_curve: ":"

# Directives whose list value is presumably emitted as one nginx line per
# item rather than joined (ssl_conf_command takes one command per line).
# NOTE(review): confirm against the template that consumes this list.
nginx_multi_list:
  - ssl_conf_command

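# Default values for the nginx configuration: service account, paths,
# certificate names, OCSP stapling, security headers and the directive
# tree (main / events / http contexts).
# NOTE(review): the listing this was recovered from had lost all
# indentation; the nesting below (security.* and conf.* under
# nginx_defaults) is reconstructed and must be confirmed against the
# repository copy.
nginx_defaults:
  user: nginx
  group: nginx
  conf_dir: /etc/nginx
  dhparam_file: dhparam.pem

  cert_rsa_name: rsa2048
  cert_ecc_name: ecc384

  # Canonical booleans instead of yes/no: YAML 1.1 loaders read both as
  # booleans, YAML 1.2 loaders read yes/no as strings (and "no" is truthy).
  enable_stapling: true
  must_staple: false

  security:
    headers:
      X-Frame-Options: "SAMEORIGIN"
      X-Content-Type-Options: "nosniff"
      Referrer-Policy: "strict-origin-when-cross-origin"
      # The directive is spelled max-age; "maxage" is not a valid Expect-CT
      # directive, so the header as originally written carried no usable
      # lifetime.
      # NOTE(review): Expect-CT is deprecated and ignored by current
      # browsers; consider dropping it.
      Expect-CT: "max-age=86400, enforce"
      Cross-Origin-Embedder-Policy: "require-corp"
      Cross-Origin-Opener-Policy: "same-origin"
      Cross-Origin-Resource-Policy: "same-site"

    # Content-Security-Policy: deny by default, then allow same-origin per
    # resource type. Fetch directives not listed (e.g. object-src) fall
    # back to default-src 'none'.
    csp:
      default-src: "'none'"
      base-uri: "'self'"
      connect-src: "'self'"
      font-src: "'self'"
      img-src: "'self'"
      manifest-src: "'self'"
      media-src: "'self'"
      # NOTE(review): prefetch-src is deprecated in CSP and may be reported
      # as an unknown directive by browsers.
      prefetch-src: "'self'"
      script-src: "'self'"
      style-src: "'self'"
      worker-src: "'self'"
      form-action: "'self'"
      # Matches X-Frame-Options SAMEORIGIN above.
      frame-ancestors: "'self'"

    # Permissions-Policy features with an empty allow-list.
    # NOTE(review): presumably rendered as feature=() (disabled for every
    # origin); confirm against the template.
    pp:
      accelerometer: ""
      camera: ""
      display-capture: ""
      document-domain: ""
      geolocation: ""
      gyroscope: ""
      magnetometer: ""
      microphone: ""
      midi: ""
      payment: ""
      screen-wake-lock: ""
      sync-xhr: ""
      usb: ""
      xr-spatial-tracking: ""

  conf:
    # Main (top-level) context.
    root:
      pcre_jit: "on"
      worker_processes: "auto"
    # No defaults for the events context; the value stays null.
    events:
    http:
      aio: "threads"
      aio_write: "on"
      directio: "128k"
      sendfile: "on"
      sendfile_max_chunk: "1m"
      tcp_nodelay: "on"
      tcp_nopush: "on"

      client_body_buffer_size: "64k"
      client_body_timeout: "30s"
      client_header_buffer_size: "2k"
      client_header_timeout: "15s"
      # "0" disables nginx's request-body size check entirely.
      # NOTE(review): set a finite limit on servers/locations that do not
      # need large uploads, so one client cannot tie up disk and upstreams.
      client_max_body_size: "0"
      send_timeout: "180s"
      resolver_timeout: "10s"

      disable_symlinks: "on"
      keepalive_disable: "none"
      msie_padding: "off"
      server_tokens: "off"
      log_not_found: "on"
      # NOTE(review): access logging is off at http level; vhosts that need
      # audit or detection data have to re-enable it explicitly.
      access_log: "off"

      open_file_cache: "max=512 inactive=120s"
      open_file_cache_errors: "on"

      # NOTE(review): nginx compresses text/html whenever gzip is on.
      # Responses that combine secrets with request-controlled input are
      # the BREACH precondition; disable gzip for those locations.
      gzip: "on"
      gzip_comp_level: "4"
      gzip_min_length: "4096"
      gzip_vary: "on"
      gzip_types:
        - text/css
        - text/javascript
        - text/plain
        - application/javascript
        - application/x-javascript
        - font/truetype
        - font/opentype
        - image/svg+xml
        - application/xml

      # Default-deny at http level; access presumably has to be granted
      # per server or location.
      deny: "all"
      autoindex: "off"

      default_type: "application/octet-stream"

      proxy_buffer_size: "16k"
      proxy_buffers: "16 16k"
      proxy_connect_timeout: "30s"
      proxy_http_version: "1.1"
      proxy_read_timeout: "180s"
      proxy_send_timeout: "180s"
      proxy_max_temp_file_size: "0"

      http2_push_preload: "on"

      # TLS 1.2 and 1.3 only; every TLS 1.2 suite below is AEAD with
      # ephemeral key exchange.
      ssl_protocols:
        - TLSv1.2
        - TLSv1.3
      ssl_ciphers:
        - ECDHE-ECDSA-CHACHA20-POLY1305
        - ECDHE-ECDSA-AES256-GCM-SHA384
        - ECDHE-ECDSA-AES128-GCM-SHA256
        - ECDHE-RSA-CHACHA20-POLY1305
        - ECDHE-RSA-AES256-GCM-SHA384
        - ECDHE-RSA-AES128-GCM-SHA256
        # The DHE suites presumably rely on the parameters in dhparam_file.
        - DHE-RSA-AES256-GCM-SHA384
        - DHE-RSA-AES128-GCM-SHA256
      ssl_ecdh_curve:
        - X448
        - X25519
        - secp521r1
        - secp384r1

      ssl_prefer_server_ciphers: "on"
      # NOTE(review): TLS 1.3 early data (0-RTT) can be replayed. Keep it
      # on only if upstreams reject or tolerate replayed non-idempotent
      # requests; nginx exposes $ssl_early_data so it can be forwarded as
      # an Early-Data header.
      ssl_early_data: "on"
      ssl_conf_command:
        - Options PrioritizeChaCha,-MiddleboxCompat
        - Ciphersuites TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
      ssl_session_cache: "shared:SSL:512k"
      # NOTE(review): with tickets on, forward secrecy of resumed TLS 1.2
      # sessions depends on how often the ticket key is rotated (see
      # ssl_session_ticket_key); confirm the rotation policy.
      ssl_session_tickets: "on"
      ssl_session_timeout: "1h"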