extern/zabbix-docker
1
0
Fork 0
mirror of https://github.com/zabbix/zabbix-docker.git synced 2025-08-09 00:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimizations for Nginx/Apache configs

Browse Source
This commit is contained in:
Alexey Pustovalov
2021-06-08 19:10:03 -04:00
parent ec9e888ea2
commit d8eef085c7
12 changed files with 120 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf
View File

@ -21,13 +21,18 @@ server {
ssl_certificate_key /etc/ssl/nginx/ssl.key;
ssl_dhparam /etc/ssl/nginx/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_verify_depth 3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;
add_header Strict-Transport-Security "max-age=31536000; preload";
add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
location =/nginx_status {