From 283514ef73c447472470c119d98743c9ab7024f8 Mon Sep 17 00:00:00 2001 From: Viyurz <128215328+Viyurz@users.noreply.github.com> Date: Tue, 13 Feb 2024 13:58:10 +0100 Subject: [PATCH] NGINX: Set ssl_prefer_server_ciphers to on & remove robot tags. --- nginx-rp/nginx.conf | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/nginx-rp/nginx.conf b/nginx-rp/nginx.conf index 5e0bc7e..dd0c39e 100644 --- a/nginx-rp/nginx.conf +++ b/nginx-rp/nginx.conf @@ -4,7 +4,7 @@ include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768; - # multi_accept on; + multi_accept off; } http { @@ -36,16 +36,12 @@ http { ssl_certificate_key /etc/letsencrypt/live/viyurz.fr/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem; - # modern configuration - # ssl_protocols TLSv1.3; - - # intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam ssl_dhparam /etc/nginx/dhparam.txt; - ssl_prefer_server_ciphers off; + ssl_prefer_server_ciphers on; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; @@ -68,7 +64,7 @@ http { resolver 185.12.64.12 [a01:4ff:ff00::add:2] [2a01:4ff:ff00::add:1]; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - add_header X-Robots-Tag "noindex, nofollow" always; + # add_header X-Robots-Tag "noindex, nofollow" always; add_header Set-Cookie "Path=/; HttpOnly; Secure"; proxy_set_header Host $host;