Left: | ||
Right: |
OLD | NEW |
---|---|
1 user <%= scope.lookupvar('nginx::params::user') %> <%= scope.lookupvar('nginx::p arams::group') %>; | 1 user <%= scope.lookupvar('nginx::params::user') %> <%= scope.lookupvar('nginx::p arams::group') %>; |
2 worker_processes <%= worker_processes %>; | 2 worker_processes <%= worker_processes %>; |
3 | 3 |
4 error_log /var/log/nginx/error.log notice; | 4 error_log /var/log/nginx/error.log notice; |
5 pid /var/run/nginx.pid; | 5 pid /var/run/nginx.pid; |
6 | 6 |
7 events { | 7 events { |
8 worker_connections <%= worker_connections %>; | 8 worker_connections <%= worker_connections %>; |
9 <% if scope.lookupvar('nginx::params::multi_accept') == 'on' %>multi_accept on ;<% end %> | 9 <% if scope.lookupvar('nginx::params::multi_accept') == 'on' %>multi_accept on ;<% end %> |
10 } | 10 } |
(...skipping 21 matching lines...) Expand all Loading... | |
32 tcp_nodelay <%= scope.lookupvar('nginx::params::tcp_nodelay') %>; | 32 tcp_nodelay <%= scope.lookupvar('nginx::params::tcp_nodelay') %>; |
33 | 33 |
34 <% if scope.lookupvar('nginx::params::gzip') == 'on' %> | 34 <% if scope.lookupvar('nginx::params::gzip') == 'on' %> |
35 gzip on; | 35 gzip on; |
36 gzip_disable "msie6"; | 36 gzip_disable "msie6"; |
37 gzip_min_length 100; | 37 gzip_min_length 100; |
38 gzip_buffers 4 8k; | 38 gzip_buffers 4 8k; |
39 gzip_types text/plain text/xhtml text/css application/x-javascript text/xml ap plication/atom+xml application/rss+xml; | 39 gzip_types text/plain text/xhtml text/css application/x-javascript text/xml ap plication/atom+xml application/rss+xml; |
40 <% end %> | 40 <% end %> |
41 | 41 |
42 ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA256 EECDH+aRS A+RC4 EDH+aRSA EECDH RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; | 42 ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECD SA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !MD5 !EXP !PSK !SRP !DSS !RC4 +3DES DES-CBC3-SHA"; |
Felix Dahlke
2014/04/26 22:19:47
After figuring out how this works, I think it'd be
Wladimir Palant
2014/04/27 20:35:34
You are right, I did that. I also decided to chang
| |
43 ssl_prefer_server_ciphers on; | 43 ssl_prefer_server_ciphers on; |
44 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | 44 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; |
45 <% if ssl_session_cache == 'on' %> | 45 <% if ssl_session_cache == 'on' %> |
46 ssl_session_cache shared:SSL:1m; | 46 ssl_session_cache shared:SSL:1m; |
47 <% else %> | 47 <% else %> |
48 ssl_session_cache off; | 48 ssl_session_cache off; |
49 <% end %> | 49 <% end %> |
50 | 50 |
51 types_hash_max_size 2048; | 51 types_hash_max_size 2048; |
52 | 52 |
53 server_names_hash_bucket_size 64; | 53 server_names_hash_bucket_size 64; |
54 | 54 |
55 include /etc/nginx/conf.d/*.conf; | 55 include /etc/nginx/conf.d/*.conf; |
56 include /etc/nginx/sites-enabled/*; | 56 include /etc/nginx/sites-enabled/*; |
57 } | 57 } |
OLD | NEW |