make syntax highlighting specific to language of the config file for legibility
parent 05a6675137
commit b9b2f0dfb4
@ -92,7 +92,7 @@ Make a backup of the default prosody configuration and install [the one by the h
|
||||
The homebrewserver.club prosody config
|
||||
---
|
||||
|
||||
:::console
|
||||
:::lua
|
||||
-- a custom prosody config focused on high security and ease of use across (mobile) clients
|
||||
-- provided to you by the homebrewserver.club
|
||||
-- the original config file (prosody.cfg.lua.original) will have more information
|
||||
|
@ -117,7 +117,7 @@ For this test the pages which are hosted in Barcelona have been loaded from a ma
|
||||
|
||||
We run gzip compression on all our text-based content, this lowers the size of transmitted information at the cost of a slight increase in required processing. By now this is common practice in most web servers but we enable it explicitly. Reducing the amount of data transferred will also reduce the total environmental footprint.
|
||||
|
||||
:::console
|
||||
:::nginx
|
||||
#Compression
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
@ -143,7 +143,7 @@ Caching is a technique in which some of the site's resources, such as style shee
|
||||
|
||||
The common practice is to cache everything except the HTML, so that when the user loads the web page again the HTML will notify the browser of all the changes. However since lowtechmagezine.com publishes only 12 articles per year, we decided to also cache HTML. The cache is set for one day, meaning it is only after a week that the user's browser will automatically check for new content. Only for the front and about pages this behaviour is disabled.
|
||||
|
||||
:::console
|
||||
:::nginx
|
||||
map $sent_http_content_type $expires {
|
||||
default off;
|
||||
text/html 1d;
|
||||
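Review bot: The context sentence above this block says the cache is set for one day and then that the browser only re-checks after a week, while the map itself has `text/html 1d;`. Since this block is being touched anyway, align the prose with the `1d` value (or the value with the prose), and correct the `lowtechmagezine.com` spelling in the same sentence.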
@ -192,7 +192,7 @@ Not all browsers support HTTP2 but the NGINX implementation will automatically s
|
||||
|
||||
It is enabled at the start of the server directive:
|
||||
|
||||
:::console
|
||||
:::nginx
|
||||
server{
|
||||
listen 443 ssl http2;
|
||||
}
|
||||
@ -206,7 +206,7 @@ There is something to be said in favour of supporting both HTTP and HTTPS versio
|
||||
|
||||
For this reason we redirect all our traffic to HTTPS via the following server directive:
|
||||
|
||||
:::console
|
||||
:::nginx
|
||||
server {
|
||||
listen 80;
|
||||
server_name solar.lowtechmagazine.com;
|
||||
@ -218,14 +218,14 @@ For this reason we redirect all our traffic to HTTPS via the following server di
|
||||
|
||||
Then we've set up SSL with the following tweaks:
|
||||
|
||||
:::console
|
||||
:::nginx
|
||||
# Improve HTTPS performance with session resumption
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 180m;
|
||||
|
||||
SSL sessions only expire after three hours meaning that while someone browses the website, they don't need to renegotiate a new SSL session during this period:
|
||||
|
||||
:::console
|
||||
:::nginx
|
||||
# Enable server-side protection against BEAST attacks
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
|
||||
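Review bot: In the second block of this hunk, `ssl_ciphers` still includes `DH+3DES`, which does not fit the following section's claim of a limited set of modern ciphers: 3DES is a 64-bit block cipher and is exposed to Sweet32-style birthday attacks. Consider dropping `DH+3DES` from the list. Separately, the sentence about sessions expiring after three hours describes the `ssl_session_timeout 180m;` block above it, yet ends in a colon that introduces the cipher block; it should move up or lose the colon.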
@ -237,13 +237,13 @@ We use a limited set of modern cryptographic ciphers and protocols:
|
||||
|
||||
We tell the visitors browser to always use HTTPS, in order to reduce the amount of 301 redirects, which might slow down loading times:
|
||||
|
||||
:::console
|
||||
:::nginx
|
||||
# Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
|
||||
|
||||
We enable OCSP stapling which is quick way in which browsers can check whether the certificate is still active without incurring more round trips to the Certificate Issuer. Most tutorials recommend setting Google's `8.8.8.8` and `8.8.4.4` DNS servers but we don't want to use those. Instead we chose some servers provided through <https://www.opennic.org> that are close to our location:
|
||||
|
||||
:::console
|
||||
:::nginx
|
||||
# Enable OCSP stapling (http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox)
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
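Review bot: In the HSTS block, `add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";` has no `always` parameter, so nginx attaches the header only to a fixed set of success and redirect status codes and omits it on error responses. Suggest appending `always` before the semicolon. The sentence introducing the block motivates HSTS only by fewer 301 redirects; it is worth one more clause saying that it also keeps returning browsers from falling back to plain HTTP.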
@ -253,7 +253,7 @@ We enable OCSP stapling which is quick way in which browsers can check whether t
|
||||
|
||||
Last but not least, we set change the size of the SSL buffer to increase to so-called 'Time To First Byte'[^TTFB] which shortens the amount of time between passing between a click and elements changing on the screen:
|
||||
|
||||
:::console
|
||||
:::nginx
|
||||
# Lower the buffer size to increase TTFB
|
||||
ssl_buffer_size 4k;
|
||||
|
||||
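Review bot: The comment `# Lower the buffer size to increase TTFB` and the sentence above it both say the setting increases Time To First Byte, but the stated goal is a shorter wait, so the smaller `ssl_buffer_size 4k;` is meant to reduce it. Suggest `# Lower the buffer size to reduce TTFB`, and fixing "we set change the size" in the prose while here.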
@ -291,7 +291,7 @@ Then the only thing you need to do in your NGINX config is to specify where your
|
||||
|
||||
Without further ado:
|
||||
|
||||
:::console
|
||||
:::nginx
|
||||
root@solarserver:/var/log/nginx# cat /etc/nginx/sites-enabled/solar.lowtechmagazine.com
|
||||
|
||||
# Expires map
|
||||
|
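Review bot: The first line inside this block, `root@solarserver:/var/log/nginx# cat /etc/nginx/sites-enabled/solar.lowtechmagazine.com`, is a shell prompt rather than nginx configuration, so under `:::nginx` it will be highlighted as if it were a directive followed by a comment. Suggest moving the `cat` line into its own `:::console` block, or dropping it and naming the file path in the preceding sentence, so the nginx-highlighted block contains only the config.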