about summary refs log tree commit diff
diff options
context:
space:
mode:
authorreverite <samantha@chalker.io>2018-04-03 13:40:38 -0700
committerreverite <samantha@chalker.io>2018-04-03 13:40:38 -0700
commit4d94a737e57f12d52a50c0614f0d7eb1d1dc7d70 (patch)
tree0f3b247e274adee73787437c2317801ff683f6a4
parent96841ad190ebbe86e80aae6ecf11fc3766841818 (diff)
nginx should negotiate ecdh param with openssl, also dhparam is no longer needed
-rw-r--r--deploy/conf/nginx.conf16
1 files changed, 5 insertions, 11 deletions
diff --git a/deploy/conf/nginx.conf b/deploy/conf/nginx.conf
index ec7f51e..f5acdf2 100644
--- a/deploy/conf/nginx.conf
+++ b/deploy/conf/nginx.conf
@@ -34,15 +34,12 @@ server {
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:AES256+EDH:!aNULL;
   ssl_prefer_server_ciphers on;
-  ssl_ecdh_curve secp521r1:secp384r1;
   ssl_session_cache shared:TLS:2m;
   ssl_session_timeout 10m;
   ssl_session_tickets off;
   ssl_stapling on;
   ssl_stapling_verify on;
 
-  ssl_dhparam /etc/ssl/dhparam.pem;
-
   keepalive_timeout 70;
   sendfile on;
   client_max_body_size 0;
@@ -73,15 +70,12 @@ server {
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:AES256+EDH:!aNULL;
   ssl_prefer_server_ciphers on;
-  ssl_ecdh_curve secp521r1:secp384r1;
   ssl_session_cache shared:TLS:2m;
   ssl_session_timeout 10m;
   ssl_session_tickets off;
   ssl_stapling on;
   ssl_stapling_verify on;
 
-  ssl_dhparam /etc/ssl/dhparam.pem;
-
   keepalive_timeout 70;
   sendfile on;
   client_max_body_size 0;
@@ -109,11 +103,11 @@ server {
     try_files $uri @proxy;
   }
 
-  location /_matrix {
-    proxy_pass http://127.0.0.1:8008;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_pass_request_headers on;
-  }
+#  location /_matrix {
+#    proxy_pass http://127.0.0.1:8008;
+#    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+#    proxy_pass_request_headers on;
+#  }
 
   location /sw.js {
     add_header Cache-Control "public, max-age=0";