add more tabs and short descriptions

seonghobae · Sep 2, 2019 · 78965c3 · 78965c3
1 parent f0597f6
commit 78965c3
Showing 1 changed file with 53 additions and 44 deletions.
diff --git a/debian/nginx.conf b/debian/nginx.conf
@@ -88,55 +88,64 @@ http {
     ignore_invalid_headers on;
 
     # Decrease default timeouts to drop slow clients
-    keepalive_timeout 40s;
-    send_timeout 20s;
-    client_header_timeout 20s;
-    client_body_timeout 20s;
-    reset_timedout_connection on;
+        keepalive_timeout 40s;
+        send_timeout 20s;
+        client_header_timeout 20s;
+        client_body_timeout 20s;
+        reset_timedout_connection on;
 
-    server_names_hash_bucket_size 64;
+    # Hash sizes
+        server_names_hash_bucket_size 64;
 
-    default_type  application/octet-stream;
-    include /etc/nginx/mime.types;
+    # mine types
+        default_type  application/octet-stream;
+        include /etc/nginx/mime.types;
 
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"';
-    access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log warn;
+    # log
+        log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"';
+        access_log /var/log/nginx/access.log main;
+        error_log /var/log/nginx/error.log warn;
 
     # Limits
-    limit_req_zone  $binary_remote_addr  zone=dos_attack:20m   rate=30r/m;
-
-    gzip on;
-    gzip_disable "msie6";
-    gzip_vary off;
-    gzip_proxied any;
-    gzip_comp_level 2;
-    gzip_min_length 1000;
-    gzip_buffers 16 8k;
-    gzip_http_version 1.1;
-    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/atom+xml;
+        limit_req_zone  $binary_remote_addr  zone=dos_attack:20m   rate=30r/m;
+
+    # Gzip
+        gzip on;
+        gzip_disable "msie6";
+        gzip_vary off;
+        gzip_proxied any;
+        gzip_comp_level 2;
+        gzip_min_length 1000;
+        gzip_buffers 16 8k;
+        gzip_http_version 1.1;
+        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/atom+xml;
+
+    # Brotli
+        # brotli on;
+        # brotli_static on;
 
     # Virtual Host Configs
-    include /etc/nginx/sites-enabled/*.conf;
-
-    # Only allow save protocols
-    #ssl_protocols TLSv1.2 TLSv1.3;
-    # Prefer server side protocols for SSLv3 and TLSv1
-    #ssl_prefer_server_ciphers on;
-    #ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
-    # SSL session cache
-    #ssl_session_cache shared:SSL:50m;
-    #ssl_session_timeout 5m;
-    #ssl_buffer_size 4k;
-    #ssl_session_tickets on;
-
-    # Problem with sect571 and ecdhe ciphers
-    #ssl_ecdh_curve secp384r1:secp521r1;
-
-    #add_header Content-Security-Policy "";
-    #add_header Strict-Transport-Security "max-age=15768000;includeSubDomains;preload";
-    #add_header X-Frame-Options DENY;
-    #add_header X-Content-Type-Options nosniff;
-    #add_header X-XSS-Protection "1; mode=block";
-    #add_header Public-Key-Pins '';
+        include /etc/nginx/sites-enabled/*.conf;
+
+    # SSL and HSTS
+        # Only allow save protocols
+            # ssl_protocols TLSv1.2 TLSv1.3;
+        # Prefer server side protocols for SSLv3 and TLSv1
+            # ssl_prefer_server_ciphers on;
+            # ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
+        # SSL session cache
+            # ssl_session_cache shared:SSL:50m;
+            # ssl_session_timeout 5m;
+            # ssl_buffer_size 4k;
+            # ssl_session_tickets on;
+
+        # Problem with sect571 and ecdhe ciphers
+            # ssl_ecdh_curve secp384r1:secp521r1;
+
+        # add_header Content-Security-Policy "";
+        # add_header Strict-Transport-Security "max-age=15768000;includeSubDomains;preload";
+        # add_header X-Frame-Options DENY;
+        # add_header X-Content-Type-Options nosniff;
+        # add_header X-XSS-Protection "1; mode=block";
+        # add_header Public-Key-Pins '';
 }