disable keepalive by default

No need for keepalive for the internal socket.
2024-03-20 19:22:02 -04:00 · 2024-03-20 19:22:02 -04:00 · 5b4912b289
commit 5b4912b289
parent 94a613017a
1 changed files with 7 additions and 9 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -26,7 +26,7 @@ http {
    sendfile_max_chunk 256k;
    tcp_nopush on;
    keepalive_requests 256;
-    keepalive_timeout 3m;
+    keepalive_timeout 0;
    server_tokens off;
    msie_padding off;

@ -104,8 +104,6 @@ http {
        listen 80 default_server backlog=4096;
        listen [::]:80 default_server backlog=4096;

-        keepalive_timeout 0;
-
        # https://trac.nginx.org/nginx/ticket/2012
        location / {
            return 404;
@ -117,8 +115,6 @@ http {
        listen [::]:80;
        server_name grapheneos.org www.grapheneos.org grapheneos.app www.grapheneos.app grapheneos.ca www.grapheneos.ca grapheneos.com www.grapheneos.com grapheneos.dev www.grapheneos.dev grapheneos.info www.grapheneos.info grapheneos.net www.grapheneos.net grapheneos.ovh www.grapheneos.ovh grapheneos.page  www.grapheneos.page vanadium.app www.vanadium.app;

-        keepalive_timeout 0;
-
        location /.well-known/acme-challenge/ {
            return 301 http://0.grapheneos.org$request_uri;
        }
@ -133,8 +129,6 @@ http {
        listen [::]:80;
        server_name 0.grapheneos.org;

-        keepalive_timeout 0;
-
        location /.well-known/acme-challenge/ {
            root /srv/certbot;
        }
@ -149,8 +143,6 @@ http {
        listen [::]:443 default_server ssl http2 backlog=4096;
        ssl_reject_handshake on;

-        keepalive_timeout 0;
-
        # https://trac.nginx.org/nginx/ticket/2012
        location / {
            return 404;
@ -162,6 +154,8 @@ http {
        listen [::]:443 ssl http2;
        server_name www.grapheneos.org grapheneos.app www.grapheneos.app grapheneos.ca www.grapheneos.ca grapheneos.com www.grapheneos.com grapheneos.dev www.grapheneos.dev grapheneos.info www.grapheneos.info grapheneos.net www.grapheneos.net grapheneos.ovh www.grapheneos.ovh grapheneos.page www.grapheneos.page;

+        keepalive_timeout 3m;
+
        include snippets/security-headers.conf;
        add_header Cross-Origin-Resource-Policy "same-origin" always;

@ -175,6 +169,8 @@ http {
        listen [::]:443 ssl http2;
        server_name vanadium.app www.vanadium.app;

+        keepalive_timeout 3m;
+
        include snippets/security-headers.conf;
        add_header Cross-Origin-Resource-Policy "same-origin" always;

@ -192,6 +188,8 @@ http {
        error_page 403 =404 /404;
        error_page 404 /404;

+        keepalive_timeout 3m;
+
        open_file_cache max=2048 inactive=1d;
        open_file_cache_valid 1d;