From ff36f3fb2ffc95e0610c721e697a6f5d15ea271b Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Sun, 4 Nov 2018 13:51:37 +0100 Subject: [PATCH] update configuration --- README.md | 2 +- docs/README.md | 2 +- etc/nginx/conf.d/fastcgi.conf | 6 ------ etc/nginx/conf.d/tweaks.conf | 19 +++++++++++++++++++ etc/nginx/nginx.conf | 10 +++++++++- etc/systemd/system/nginx.service | 15 +++++++++++++++ 6 files changed, 45 insertions(+), 9 deletions(-) create mode 100644 etc/nginx/conf.d/tweaks.conf create mode 100644 etc/systemd/system/nginx.service diff --git a/README.md b/README.md index 65bafcd..b77c264 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get ### Install useful packages ```bash -sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnupg gnupg2 wget pigz tree ccze -y +sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnupg gnupg2 wget pigz tree ccze mycli -y ``` ### Clone the repository diff --git a/docs/README.md b/docs/README.md index 65bafcd..b77c264 100644 --- a/docs/README.md +++ b/docs/README.md @@ -31,7 +31,7 @@ apt-get update && apt-get upgrade -y && apt-get autoremove --purge -y && apt-get ### Install useful packages ```bash -sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnupg gnupg2 wget pigz tree ccze -y +sudo apt-get install haveged curl git unzip zip fail2ban htop nload nmon ntp gnupg gnupg2 wget pigz tree ccze mycli -y ``` ### Clone the repository diff --git a/etc/nginx/conf.d/fastcgi.conf b/etc/nginx/conf.d/fastcgi.conf index 3fda8f0..dff039a 100644 --- a/etc/nginx/conf.d/fastcgi.conf +++ b/etc/nginx/conf.d/fastcgi.conf @@ -11,9 +11,3 @@ fastcgi_temp_file_write_size 512K; fastcgi_param SERVER_NAME $http_host; fastcgi_ignore_headers Cache-Control Expires Set-Cookie; fastcgi_keep_conn on; - -#Others -open_file_cache max=2000 inactive=20s; -open_file_cache_valid 60s; -open_file_cache_min_uses 5; -open_file_cache_errors off; \ No newline at end of file diff --git a/etc/nginx/conf.d/tweaks.conf b/etc/nginx/conf.d/tweaks.conf new file mode 100644 index 0000000..91be8f8 --- /dev/null +++ b/etc/nginx/conf.d/tweaks.conf @@ -0,0 +1,19 @@ + directio 4m; + directio_alignment 512; + http2_max_field_size 16k; + http2_max_header_size 32k; + + keepalive_disable msie6; + large_client_header_buffers 8 64k; + + + open_file_cache max=50000 inactive=60s; + open_file_cache_errors off; + open_file_cache_min_uses 2; + open_file_cache_valid 120s; + open_log_file_cache max=10000 inactive=30s min_uses=2; + + postpone_output 1460; + proxy_buffers 8 32k; + proxy_buffer_size 64k; + diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 10051e1..39e51b1 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -61,7 +61,11 @@ http aio threads; # tls dynamic records patch directive - ssl_dyn_rec_enable on; + ssl_dyn_rec_enable on; + ssl_dyn_rec_size_hi 4229; + ssl_dyn_rec_size_lo 1369; + ssl_dyn_rec_threshold 40; + ssl_dyn_rec_timeout 1000; # nginx-vts-status module vhost_traffic_status_zone; @@ -80,6 +84,10 @@ http ## # SSL Settings ## + + # SSL Early Data + ssl_early_data off; + ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128'; ssl_prefer_server_ciphers on; diff --git a/etc/systemd/system/nginx.service b/etc/systemd/system/nginx.service new file mode 100644 index 0000000..ad3d0ca --- /dev/null +++ b/etc/systemd/system/nginx.service @@ -0,0 +1,15 @@ +[Unit] +Description=The NGINX HTTP and reverse proxy server +After=syslog.target network.target remote-fs.target nss-lookup.target + +[Service] +Type=forking +PIDFile=/run/nginx.pid +ExecStartPre=/usr/sbin/nginx -t +ExecStart=/usr/sbin/nginx +ExecReload=/bin/kill -s HUP $MAINPID +ExecStop=/bin/kill -s QUIT $MAINPID +PrivateTmp=true + +[Install] +WantedBy=multi-user.target \ No newline at end of file