Commit 833c7e04 authored by Алексей Широких Committed by EKbfh

Optimize nginx config. use better gzip and cache control

parent a8b571dd
......@@ -9,8 +9,10 @@ required_assets:
nginx_log_dir: /var/log/nginx
nginx_path: /usr/sbin/nginx
nginx_conf_path: "{{ etc_prefix }}/nginx/conf.d/noc.conf"
nginx_ssl_cert_path: "{{ etc_prefix }}/nginx/ssl/noc.crt"
nginx_ssl_key_path: "{{ etc_prefix }}/nginx/ssl/noc.key"
nginx_ssl_path: "{{ etc_prefix }}/nginx/ssl"
nginx_ssl_cert_path: "{{ nginx_ssl_path }}/noc.crt"
nginx_ssl_key_path: "{{ nginx_ssl_path }}/noc.key"
nginx_ssl_settings: "{{ nginx_ssl_path }}/noc_ssl.conf"
nginx_system_service: nginx
reload_command: "systemctl reload nginx||true"
nginx_conf_upstream_path: "{{ etc_prefix }}/nginx/upstream.conf"
......@@ -14,10 +14,15 @@
src: "{{ item.name }}"
dest: "{{ item.path }}"
owner: "{{ nginx_user }}"
force: "{{ item.force }}"
notify: reload nginx
with_items:
- name: noc.conf.j2
path: "{{ nginx_conf_path }}"
force: "True"
- name: noc_ssl.conf.j2
path: "{{ nginx_ssl_settings }}"
force: "True"
tags:
- config
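Review bot: The new `noc_ssl.conf.j2` item is written with the task-wide `owner: "{{ nginx_user }}"`, and no `mode` is visible in the hunk, so the TLS policy file lands in the directory that holds the private key and is owned by whatever account `nginx_user` names. If that is the unprivileged worker account, a compromised worker could rewrite the protocol and cipher settings that the master process loads on the next reload. Consider `owner: root` with `mode: "0644"` for both templates, leaving the files readable but not writable by the service account. The task starts above the hunk, so a `mode` set there would not be visible here.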
ssl_session_cache shared:NOC_SSL:1m;
ssl_session_timeout 1440m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
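Review bot: The `ssl_ciphers` list still admits 3DES (`DES-CBC3-SHA` and its ECDHE/EDH variants) and static-RSA suites such as `AES128-SHA` and `AES256-GCM-SHA384`, which give no forward secrecy, even though `ssl_protocols` is already limited to TLSv1.2. With TLS 1.2 as the floor, practically all current clients can negotiate an ECDHE AEAD suite, so the list could be cut to `ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";`. The DHE entries also depend on an `ssl_dhparam` file, and none is set in the visible lines. Separately, `ssl_stapling_verify on` needs a `resolver` and `ssl_trusted_certificate` to take effect; neither appears here, so confirm they are set in the including config.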