better nginx config

File download domain should not use HTTP/2, HTTP/1 is usually a tad faster at delivering downloads.

templates/nginx_confs/A.Y.conf

@@ -1,10 +1,15 @@
 server{
-listen          443 ssl http2;
+listen          443 ssl;
 server_name     A.Y www.A.Y;
 ssl on;
 ssl_certificate /etc/letsencrypt/live/A.Y/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/A.Y/privkey.pem;
 ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ssl_ecdh_curve secp384r1;
+ssl_buffer_size 4k;
+ssl_session_tickets off;
+ssl_session_timeout 24h;
 
 root            /var/www/uguu/files/;
 autoindex       off;

templates/nginx_confs/X.Y.conf

@@ -7,8 +7,9 @@ ssl_certificate_key /etc/letsencrypt/live/X.Y/privkey.pem;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
 ssl_ecdh_curve secp384r1;
-ssl_buffer_size 2k;
+ssl_buffer_size 4k;
 ssl_session_tickets off;
+ssl_session_timeout 24h;
 
 root /var/www/uguu/dist/;
 autoindex		off;
@@ -16,9 +17,9 @@ access_log      off;
 index index.html index.php;
 etag on;
 
-location ~* \.(?:css|js|jpg|jpeg|gif|png|ico|xml|eot|woff|woff2|ttf|svg|otf)$ {
-add_header        Cache-Control "public";
-expires           30d;
+location ~* \.(css|js|jpg|jpeg|gif|png|ico|xml|eot|woff|woff2|ttf|svg|otf|x-icon|avif|webp|apng|min.js|min.css)$ {
+add_header Cache-Control "public";
+expires 30d;
 }
 
  gzip on;

templates/nginx_confs/nginx.conf

@@ -12,9 +12,6 @@ events {
 }
 
 http {
-ssl_session_cache shared:SSL:5m;
-ssl_session_timeout 12h;
-ssl_session_tickets off;
 
 ##
 # Basic Settings