security/hakurei.app
security/hakurei.app
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity

disable keepalive by default

Browse Source 
No need for keepalive for the internal socket.
This commit is contained in:
Daniel Micay 2024-03-20 19:22:02 -04:00
parent 94a613017a
commit 5b4912b289
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nginx/nginx.conf
View File

@ -26,7 +26,7 @@ http {
sendfile_max_chunk 256k; sendfile_max_chunk 256k;
tcp_nopush on; tcp_nopush on;
keepalive_requests 256; keepalive_requests 256;
keepalive_timeout 3m; keepalive_timeout 0;
server_tokens off; server_tokens off;
msie_padding off; msie_padding off;
@ -104,8 +104,6 @@ http {
listen 80 default_server backlog=4096; listen 80 default_server backlog=4096;
listen [::]:80 default_server backlog=4096; listen [::]:80 default_server backlog=4096;
keepalive_timeout 0;
# https://trac.nginx.org/nginx/ticket/2012 # https://trac.nginx.org/nginx/ticket/2012
location / { location / {
return 404; return 404;
@ -117,8 +115,6 @@ http {
listen [::]:80; listen [::]:80;
server_name grapheneos.org www.grapheneos.org grapheneos.app www.grapheneos.app grapheneos.ca www.grapheneos.ca grapheneos.com www.grapheneos.com grapheneos.dev www.grapheneos.dev grapheneos.info www.grapheneos.info grapheneos.net www.grapheneos.net grapheneos.ovh www.grapheneos.ovh grapheneos.page www.grapheneos.page vanadium.app www.vanadium.app; server_name grapheneos.org www.grapheneos.org grapheneos.app www.grapheneos.app grapheneos.ca www.grapheneos.ca grapheneos.com www.grapheneos.com grapheneos.dev www.grapheneos.dev grapheneos.info www.grapheneos.info grapheneos.net www.grapheneos.net grapheneos.ovh www.grapheneos.ovh grapheneos.page www.grapheneos.page vanadium.app www.vanadium.app;
keepalive_timeout 0;
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
return 301 http://0.grapheneos.org$request_uri; return 301 http://0.grapheneos.org$request_uri;
} }
@ -133,8 +129,6 @@ http {
listen [::]:80; listen [::]:80;
server_name 0.grapheneos.org; server_name 0.grapheneos.org;
keepalive_timeout 0;
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
root /srv/certbot; root /srv/certbot;
} }
@ -149,8 +143,6 @@ http {
listen [::]:443 default_server ssl http2 backlog=4096; listen [::]:443 default_server ssl http2 backlog=4096;
ssl_reject_handshake on; ssl_reject_handshake on;
keepalive_timeout 0;
# https://trac.nginx.org/nginx/ticket/2012 # https://trac.nginx.org/nginx/ticket/2012
location / { location / {
return 404; return 404;
@ -162,6 +154,8 @@ http {
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name www.grapheneos.org grapheneos.app www.grapheneos.app grapheneos.ca www.grapheneos.ca grapheneos.com www.grapheneos.com grapheneos.dev www.grapheneos.dev grapheneos.info www.grapheneos.info grapheneos.net www.grapheneos.net grapheneos.ovh www.grapheneos.ovh grapheneos.page www.grapheneos.page; server_name www.grapheneos.org grapheneos.app www.grapheneos.app grapheneos.ca www.grapheneos.ca grapheneos.com www.grapheneos.com grapheneos.dev www.grapheneos.dev grapheneos.info www.grapheneos.info grapheneos.net www.grapheneos.net grapheneos.ovh www.grapheneos.ovh grapheneos.page www.grapheneos.page;
keepalive_timeout 3m;
include snippets/security-headers.conf; include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cross-Origin-Resource-Policy "same-origin" always;
@ -175,6 +169,8 @@ http {
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name vanadium.app www.vanadium.app; server_name vanadium.app www.vanadium.app;
keepalive_timeout 3m;
include snippets/security-headers.conf; include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cross-Origin-Resource-Policy "same-origin" always;
@ -192,6 +188,8 @@ http {
error_page 403 =404 /404; error_page 403 =404 /404;
error_page 404 /404; error_page 404 /404;
keepalive_timeout 3m;
open_file_cache max=2048 inactive=1d; open_file_cache max=2048 inactive=1d;
open_file_cache_valid 1d; open_file_cache_valid 1d;