Fijxu
/
etc-configs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mierda

This commit is contained in:
Fijxu 2023-01-09 19:15:41 -03:00
parent 42c2c835c4
commit f62080468d
2 changed files with 30 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
nginx/nginx.conf
View File

@ -7,12 +7,9 @@ include /etc/nginx/modules-enabled/*.conf;
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
# This is where we load NJS modules #Include external config
#load_module /usr/lib/nginx/modules/ngx_http_js_module.so; include /etc/nginx/conf.d/*.conf;
#load_module /usr/lib/nginx/modules/ngx_stream_js_module.so;
# Include external config
#include /etc/nginx/conf.d/*.conf;
events { events {
multi_accept on; multi_accept on;
worker_connections 65535; worker_connections 65535;
@ -24,6 +21,7 @@ stream {
http { http {
# Basic Settings
charset utf-8; charset utf-8;
sendfile on; sendfile on;
tcp_nopush on; tcp_nopush on;
@ -32,8 +30,9 @@ http {
log_not_found off; log_not_found off;
types_hash_max_size 4096; types_hash_max_size 4096;
types_hash_bucket_size 64; types_hash_bucket_size 64;
client_max_body_size 16M;
# Virtual Host Configs
include /etc/nginx/sites-enabled/*.conf;
# MIME # MIME
include mime.types; include mime.types;
@ -41,43 +40,54 @@ http {
# SSL # SSL
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
# #
ssl_session_timeout 1d; ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off; ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites # Diffie-Hellman parameter for DHE ciphersuites
ssl_dhparam /etc/nginx/dhparam.pem; ssl_dhparam /etc/nginx/dhparam.pem;
# OCSP Stapling # HTTP2 Settings
#ssl_stapling on; http2_max_field_size 64k;
#ssl_stapling_verify on; http2_max_header_size 512k;
# Logging # DDOS Protection
#access_log /var/log/nginx/access.log; limit_conn_zone $binary_remote_addr zone=perip:10m;
#error_log /var/log/nginx/error.log warn; limit_conn perip 100;
# General configs, include in every sites-enabled site limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
#include configs/general.conf; limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
# Connection header for WebSocket reverse proxy # reset timed out connections freeing ram
reset_timedout_connection on;
# maximum time between packets the client can pause when sending nginx any data
client_body_timeout 10s;
# maximum time the client has to send the entire header to nginx
client_header_timeout 10s;
# timeout which a single keep-alive client connection will stay open
keepalive_timeout 65s;
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 10s;
# Connection header for WebSocket reverse proxy
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
default upgrade; default upgrade;
"" close; "" close;
} }
map $remote_addr $proxy_forwarded_elem { map $remote_addr $proxy_forwarded_elem {
# IPv4 addresses can be sent as-is # IPv4 addresses can be sent as-is
~^[0-9.]+$ "for=$remote_addr"; ~^[0-9.]+$ "for=$remote_addr";
# IPv6 addresses need to be bracketed and quoted # IPv6 addresses need to be bracketed and quoted
~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\""; ~^[0-9A-Fa-f:.]+$ "for=\"[$remote_addr]\"";
# Unix domain socket names cannot be represented in RFC 7239 syntax # Unix domain socket names cannot be represented in RFC 7239 syntax
default "for=unknown"; default "for=unknown";
} }
map $http_forwarded $proxy_add_forwarded { map $http_forwarded $proxy_add_forwarded {
@ -89,9 +99,5 @@ http {
default "$proxy_forwarded_elem"; default "$proxy_forwarded_elem";
} }
# Include sites-enabled
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
} }

2
nginx/sites-available/gitea.zzls.xyz.conf
View File

@ -11,8 +11,6 @@ server {
include configs/proxyheaders.conf; include configs/proxyheaders.conf;
} }
#add_header Content-Security-Policy "default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none';";
# QUIC # QUIC
add_header Alt-Svc 'h3=":443"; ma=86400'; add_header Alt-Svc 'h3=":443"; ma=86400';