ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-08-03 16:03:38 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

enable ssl_early_data, default enable http2, option to enable brotli, fix shellcheck

Browse Source 
Signed-off-by: Zoey <zoey@z0ey.de>
This commit is contained in:
Zoey
2023-01-20 08:09:52 +01:00
parent e0be3a5ea3
commit 45895ac53e
33 changed files with 367 additions and 261 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
rootfs/usr/local/nginx/conf/conf.d/include/brotli.conf Normal file
View File

@@ -0,0 +1,4 @@
brotli on;
brotli_types *;
brotli_comp_level 11;
brotli_static on;

1
rootfs/usr/local/nginx/conf/conf.d/include/default.conf
View File

@@ -13,6 +13,7 @@ server {
server_name _;
include conf.d/include/brotli.conf;
include conf.d/include/force-ssl.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/acme-challenge.conf;

4
rootfs/usr/local/nginx/conf/conf.d/include/proxy.conf
View File

@@ -1,11 +1,13 @@
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Early-Data $ssl_early_data;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1 SSLv3 SSLv2;
proxy_http_version 1.1;
proxy_pass $forward_scheme://$server:$port$request_uri;

5
rootfs/usr/local/nginx/conf/conf.d/include/tls-ciphers.conf
View File

@@ -1,3 +1,8 @@
ssl_stapling on;
ssl_stapling_verify on;
ssl_early_data on;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;

1
rootfs/usr/local/nginx/conf/conf.d/no-server-name.conf
View File

@@ -17,6 +17,7 @@ server {
server_name "";
return 444;
include conf.d/include/brotli.conf;
include conf.d/include/force-ssl.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;

4
rootfs/usr/local/nginx/conf/conf.d/npm.conf
View File

@@ -7,6 +7,7 @@ server {
add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
server_name _;
include conf.d/include/brotli.conf;
include conf.d/include/force-ssl.conf;
include conf.d/include/tls-ciphers.conf;
include conf.d/include/block-exploits.conf;
@@ -24,6 +25,7 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Early-Data $ssl_early_data;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
@@ -33,8 +35,6 @@ server {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 15m;
proxy_send_timeout 15m;
}
location / {

6
rootfs/usr/local/nginx/conf/nginx.conf
View File

@@ -27,13 +27,15 @@ http {
tcp_nopush on;
tcp_nodelay on;
client_max_body_size 0;
client_body_buffer_size 512k;
gzip on;
gunzip on;
gzip_vary on;
gzip_types *;
gzip_proxied any;
gzip_comp_level 9;
gunzip on;
gzip_static on;
resolver localhost;
fastcgi_index index.php;
@@ -42,6 +44,7 @@ http {
error_page 404 =307 $scheme://$host:$server_port;
error_page 497 =301 https://$host:$server_port$request_uri;
proxy_read_timeout 86400s;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
@@ -89,7 +92,6 @@ http {
set_real_ip_from fec0::/10;
include fastcgi.conf;
fastcgi_param HTTP_PROXY "";
include conf.d/include/ip_ranges.conf;