make syntax highlighting specific to language of the config file for legibility

master
rra 5 years ago
parent
commit
b9b2f0dfb4
  1. 2
      content/instant-messaging/configuring_an_xmpp_server_prosody_0.11.md
  2. 20
      content/lowtech/solarlowtech.md

2
content/instant-messaging/configuring_an_xmpp_server_prosody_0.11.md

@ -92,7 +92,7 @@ Make a backup of the default prosody configuration and install [the one by the h
The homebrewserver.club prosody config The homebrewserver.club prosody config
--- ---
:::console :::lua
-- a custom prosody config focused on high security and ease of use across (mobile) clients -- a custom prosody config focused on high security and ease of use across (mobile) clients
-- provided to you by the homebrewserver.club -- provided to you by the homebrewserver.club
-- the original config file (prosody.cfg.lua.original) will have more information -- the original config file (prosody.cfg.lua.original) will have more information

20
content/lowtech/solarlowtech.md

@ -117,7 +117,7 @@ For this test the pages which are hosted in Barcelona have been loaded from a ma
We run gzip compression on all our text-based content, this lowers the size of transmitted information at the cost of a slight increase in required processing. By now this is common practice in most web servers but we enable it explicitly. Reducing the amount of data transferred will also reduce the total environmental footprint. We run gzip compression on all our text-based content, this lowers the size of transmitted information at the cost of a slight increase in required processing. By now this is common practice in most web servers but we enable it explicitly. Reducing the amount of data transferred will also reduce the total environmental footprint.
:::console :::nginx
#Compression #Compression
gzip on; gzip on;
gzip_disable "msie6"; gzip_disable "msie6";
@ -143,7 +143,7 @@ Caching is a technique in which some of the site's resources, such as style shee
The common practice is to cache everything except the HTML, so that when the user loads the web page again the HTML will notify the browser of all the changes. However since lowtechmagezine.com publishes only 12 articles per year, we decided to also cache HTML. The cache is set for one day, meaning it is only after a week that the user's browser will automatically check for new content. Only for the front and about pages this behaviour is disabled. The common practice is to cache everything except the HTML, so that when the user loads the web page again the HTML will notify the browser of all the changes. However since lowtechmagezine.com publishes only 12 articles per year, we decided to also cache HTML. The cache is set for one day, meaning it is only after a week that the user's browser will automatically check for new content. Only for the front and about pages this behaviour is disabled.
:::console :::nginx
map $sent_http_content_type $expires { map $sent_http_content_type $expires {
default off; default off;
text/html 1d; text/html 1d;
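Review bot: The context paragraph above this block contradicts the config it introduces: it says "The cache is set for one day, meaning it is only after a week that the user's browser will automatically check for new content", while the map sets `text/html 1d;`. Since this commit touches the block for legibility, correct the sentence to say one day in both places (or change the value if a week was intended), and fix the "lowtechmagezine.com" spelling in the same paragraph.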
@ -192,7 +192,7 @@ Not all browsers support HTTP2 but the NGINX implementation will automatically s
It is enabled at the start of the server directive: It is enabled at the start of the server directive:
:::console :::nginx
server{ server{
listen 443 ssl http2; listen 443 ssl http2;
} }
@ -206,7 +206,7 @@ There is something to be said in favour of supporting both HTTP and HTTPS versio
For this reason we redirect all our traffic to HTTPS via the following server directive: For this reason we redirect all our traffic to HTTPS via the following server directive:
:::console :::nginx
server { server {
listen 80; listen 80;
server_name solar.lowtechmagazine.com; server_name solar.lowtechmagazine.com;
@ -218,14 +218,14 @@ For this reason we redirect all our traffic to HTTPS via the following server di
Then we've set up SSL with the following tweaks: Then we've set up SSL with the following tweaks:
:::console :::nginx
# Improve HTTPS performance with session resumption # Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_session_timeout 180m; ssl_session_timeout 180m;
SSL sessions only expire after three hours meaning that while someone browses the website, they don't need to renegotiate a new SSL session during this period: SSL sessions only expire after three hours meaning that while someone browses the website, they don't need to renegotiate a new SSL session during this period:
:::console :::nginx
# Enable server-side protection against BEAST attacks # Enable server-side protection against BEAST attacks
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
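Review bot: The `ssl_ciphers` line in the second block still lists `DH+3DES`, which does not fit the following section's description of "a limited set of modern cryptographic ciphers and protocols"; 3DES is a legacy 64-bit block cipher and readers will copy this string verbatim. Consider dropping `DH+3DES` from the documented list in a follow-up. Separately, the sentence "SSL sessions only expire after three hours ..." describes the session cache block above it but ends in a colon that leads into the cipher block, so it should end with a full stop and the cipher block needs its own introduction.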
@ -237,13 +237,13 @@ We use a limited set of modern cryptographic ciphers and protocols:
We tell the visitors browser to always use HTTPS, in order to reduce the amount of 301 redirects, which might slow down loading times: We tell the visitors browser to always use HTTPS, in order to reduce the amount of 301 redirects, which might slow down loading times:
:::console :::nginx
# Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security) # Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
We enable OCSP stapling which is quick way in which browsers can check whether the certificate is still active without incurring more round trips to the Certificate Issuer. Most tutorials recommend setting Google's `8.8.8.8` and `8.8.4.4` DNS servers but we don't want to use those. Instead we chose some servers provided through <https://www.opennic.org> that are close to our location: We enable OCSP stapling which is quick way in which browsers can check whether the certificate is still active without incurring more round trips to the Certificate Issuer. Most tutorials recommend setting Google's `8.8.8.8` and `8.8.4.4` DNS servers but we don't want to use those. Instead we chose some servers provided through <https://www.opennic.org> that are close to our location:
:::console :::nginx
# Enable OCSP stapling (http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox) # Enable OCSP stapling (http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox)
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
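Review bot: The prose introducing the OCSP block talks about choosing DNS servers from opennic.org instead of `8.8.8.8` and `8.8.4.4`, but the visible lines of the block only show `ssl_stapling on;` and `ssl_stapling_verify on;`; make sure the block that follows actually contains the resolver setting the text refers to, otherwise the paragraph describes something the reader cannot see. Two wording fixes in the same context lines: "the visitors browser" should be "the visitor's browser", and "which is quick way" should be "which is a quick way".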
@ -253,7 +253,7 @@ We enable OCSP stapling which is quick way in which browsers can check whether t
Last but not least, we set change the size of the SSL buffer to increase to so-called 'Time To First Byte'[^TTFB] which shortens the amount of time between passing between a click and elements changing on the screen: Last but not least, we set change the size of the SSL buffer to increase to so-called 'Time To First Byte'[^TTFB] which shortens the amount of time between passing between a click and elements changing on the screen:
:::console :::nginx
# Lower the buffer size to increase TTFB # Lower the buffer size to increase TTFB
ssl_buffer_size 4k; ssl_buffer_size 4k;
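Review bot: Both the context sentence and the config comment in this block say the change will "increase" Time To First Byte, while the same sentence says it "shortens the amount of time" between a click and elements changing; lowering `ssl_buffer_size` is meant to reduce TTFB. Suggest changing the comment to "# Lower the buffer size to reduce TTFB" and rewriting "we set change the size of the SSL buffer to increase to so-called" so the sentence parses.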
@ -291,7 +291,7 @@ Then the only thing you need to do in your NGINX config is to specify where your
Without further ado: Without further ado:
:::console :::nginx
root@solarserver:/var/log/nginx# cat /etc/nginx/sites-enabled/solar.lowtechmagazine.com root@solarserver:/var/log/nginx# cat /etc/nginx/sites-enabled/solar.lowtechmagazine.com
# Expires map # Expires map
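Review bot: The first line of this block is a shell prompt (`root@solarserver:/var/log/nginx# cat /etc/nginx/sites-enabled/solar.lowtechmagazine.com`), not nginx configuration, so switching the tag from `:::console` to `:::nginx` will highlight it as config. Either move the `cat` line into the preceding prose (or its own `:::console` block) and start the `:::nginx` block at "# Expires map", or keep `:::console` for this one block.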
