From 4d94a737e57f12d52a50c0614f0d7eb1d1dc7d70 Mon Sep 17 00:00:00 2001
From: reverite
Date: Tue, 3 Apr 2018 13:40:38 -0700
Subject: nginx should negotiate ecdh param with openssl, also dhparam is no longer needed
---
 deploy/conf/nginx.conf | 16 +++++----------
 1 file changed, 5 insertions(+), 11 deletions(-)
(limited to 'deploy')
diff --git a/deploy/conf/nginx.conf b/deploy/conf/nginx.conf
index ec7f51e..f5acdf2 100644
--- a/deploy/conf/nginx.conf
+++ b/deploy/conf/nginx.conf
@@ -34,15 +34,12 @@ server {
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:AES256+EDH:!aNULL;
 ssl_prefer_server_ciphers on;
- ssl_ecdh_curve secp521r1:secp384r1;
 ssl_session_cache shared:TLS:2m;
 ssl_session_timeout 10m;
 ssl_session_tickets off;
 ssl_stapling on;
 ssl_stapling_verify on;
- ssl_dhparam /etc/ssl/dhparam.pem;
- keepalive_timeout 70;
 sendfile on;
 client_max_body_size 0;
@@ -73,15 +70,12 @@ server {
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:AES256+EDH:!aNULL;
 ssl_prefer_server_ciphers on;
- ssl_ecdh_curve secp521r1:secp384r1;
 ssl_session_cache shared:TLS:2m;
 ssl_session_timeout 10m;
 ssl_session_tickets off;
 ssl_stapling on;
 ssl_stapling_verify on;
- ssl_dhparam /etc/ssl/dhparam.pem;
- keepalive_timeout 70;
 sendfile on;
 client_max_body_size 0;
@@ -109,11 +103,11 @@ server {
 try_files $uri @proxy;
 }
- location /_matrix {
- proxy_pass http://127.0.0.1:8008;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass_request_headers on;
- }
+# location /_matrix {
+# proxy_pass http://127.0.0.1:8008;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_pass_request_headers on;
+# }
 location /sw.js {
 add_header Cache-Control "public, max-age=0";
-- cgit
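Review bot: With `ssl_dhparam` removed, the `AES256+EDH` entry still present in the `ssl_ciphers` context line of the first hunk can no longer be negotiated, because nginx 1.11.0 and later offers no DHE suites when no DH parameters are configured. The cipher list should state what the server actually offers, for example `ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:!aNULL;`, or carry a comment that DHE is intentionally disabled. The same applies to the second `server` block in the `@@ -73,15 +70,12 @@` hunk. Dropping `ssl_ecdh_curve` leaves curve selection to nginx's default (`auto`), so the curve set now depends on the linked OpenSSL build and is worth confirming with a handshake test after deploy.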
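Review bot: The `location /_matrix` block in the last hunk is commented out rather than deleted, and neither the subject line nor a comment in the file says why. With it disabled, requests under `/_matrix` presumably fall through to another location in this `server` block; the `try_files $uri @proxy;` context line hints at a catch-all, but that block starts outside the hunk, so confirm the resulting routing is intended. Either delete the five lines or put the reason above them, e.g. `# /_matrix proxy to 127.0.0.1:8008 disabled: <reason>`.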