NGINX: Set ssl_prefer_server_ciphers to on & remove robot tags.

nginx-rp/nginx.conf

@@ -4,7 +4,7 @@ include /etc/nginx/modules-enabled/*.conf;
 
 events {
 	worker_connections 768;
-	# multi_accept on;
+	multi_accept off;
 }
 
 http {
@@ -36,16 +36,12 @@ http {
 	ssl_certificate_key /etc/letsencrypt/live/viyurz.fr/privkey.pem;
 	ssl_trusted_certificate /etc/letsencrypt/live/viyurz.fr/chain.pem;
 
-	# modern configuration
-	# ssl_protocols TLSv1.3;
-
-	# intermediate configuration
 	ssl_protocols TLSv1.2 TLSv1.3;
 	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 	# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
 	ssl_dhparam /etc/nginx/dhparam.txt;
 
-	ssl_prefer_server_ciphers off;
+	ssl_prefer_server_ciphers on;
 
 	ssl_session_timeout 1d;
 	ssl_session_cache shared:MozSSL:10m;
@@ -68,7 +64,7 @@ http {
 	resolver 185.12.64.12 [a01:4ff:ff00::add:2] [2a01:4ff:ff00::add:1];
 
 	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-	add_header X-Robots-Tag "noindex, nofollow" always;
+	# add_header X-Robots-Tag "noindex, nofollow" always;
 	add_header Set-Cookie "Path=/; HttpOnly; Secure";
 
 	proxy_set_header Host $host;