author | reverite <samantha@chalker.io> | 2018-04-03 13:40:38 -0700 |
---|---|---|
committer | reverite <samantha@chalker.io> | 2018-04-03 13:40:38 -0700 |
commit | 4d94a737e57f12d52a50c0614f0d7eb1d1dc7d70 (patch) | |
tree | 0f3b247e274adee73787437c2317801ff683f6a4 | |
parent | 96841ad190ebbe86e80aae6ecf11fc3766841818 (diff) |
nginx should negotiate ecdh param with openssl, also dhparam is no longer needed
-rw-r--r-- | deploy/conf/nginx.conf | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/deploy/conf/nginx.conf b/deploy/conf/nginx.conf index ec7f51e..f5acdf2 100644 --- a/deploy/conf/nginx.conf +++ b/deploy/conf/nginx.conf @@ -34,15 +34,12 @@ server { ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:AES256+EDH:!aNULL; ssl_prefer_server_ciphers on; - ssl_ecdh_curve secp521r1:secp384r1; ssl_session_cache shared:TLS:2m; ssl_session_timeout 10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; - ssl_dhparam /etc/ssl/dhparam.pem; - keepalive_timeout 70; sendfile on; client_max_body_size 0; @@ -73,15 +70,12 @@ server { ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:AES256+EDH:!aNULL; ssl_prefer_server_ciphers on; - ssl_ecdh_curve secp521r1:secp384r1; ssl_session_cache shared:TLS:2m; ssl_session_timeout 10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; - ssl_dhparam /etc/ssl/dhparam.pem; - keepalive_timeout 70; sendfile on; client_max_body_size 0; @@ -109,11 +103,11 @@ server { try_files $uri @proxy; } - location /_matrix { - proxy_pass http://127.0.0.1:8008; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass_request_headers on; - } +# location /_matrix { +# proxy_pass http://127.0.0.1:8008; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_pass_request_headers on; +# } location /sw.js { add_header Cache-Control "public, max-age=0"; |
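Review bot: `ssl_ciphers` in the first server block still lists `AES256+EDH`, but with `ssl_dhparam` removed those DHE suites can no longer be negotiated: nginx 1.11.0 and later offer no DHE ciphers when no DH parameters file is set, and older builds fall back to built-in parameters instead. The leftover entry makes the config read as if finite-field DHE were still offered; if ECDHE-only is the intent, say so with `ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:!aNULL;`. The same applies to the second server block (the hunk at old line 73). Dropping `ssl_ecdh_curve` also means the curve list now comes from the nginx/OpenSSL default instead of being pinned to secp521r1/secp384r1, so check the negotiated groups after deploy.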
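Review bot: The `/_matrix` location in the third hunk is commented out rather than removed, and the commit message does not mention it. With the block disabled, requests under `/_matrix` are no longer sent to `127.0.0.1:8008` and will be handled by whichever remaining location matches, presumably the one ending in `try_files $uri @proxy;`, which starts outside this hunk. Confirm that routing those paths to that backend is intended. Then either delete the block, or keep it with a one-line reason above it, e.g. `# /_matrix proxy disabled: <reason>`.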