@ -117,7 +117,7 @@ For this test the pages which are hosted in Barcelona have been loaded from a ma
We run gzip compression on all our text-based content, this lowers the size of transmitted information at the cost of a slight increase in required processing. By now this is common practice in most web servers but we enable it explicitly. Reducing the amount of data transferred will also reduce the total environmental footprint.
:::console
:::nginx
#Compression
gzip on;
gzip_disable "msie6";
@ -143,7 +143,7 @@ Caching is a technique in which some of the site's resources, such as style shee
The common practice is to cache everything except the HTML, so that when the user loads the web page again the HTML will notify the browser of all the changes. However since lowtechmagezine.com publishes only 12 articles per year, we decided to also cache HTML. The cache is set for one day, meaning it is only after a week that the user's browser will automatically check for new content. Only for the front and about pages this behaviour is disabled.
:::console
:::nginx
map $sent_http_content_type $expires {
default off;
text/html 1d;
@ -192,7 +192,7 @@ Not all browsers support HTTP2 but the NGINX implementation will automatically s
It is enabled at the start of the server directive:
:::console
:::nginx
server{
listen 443 ssl http2;
}
@ -206,7 +206,7 @@ There is something to be said in favour of supporting both HTTP and HTTPS versio
For this reason we redirect all our traffic to HTTPS via the following server directive:
:::console
:::nginx
server {
listen 80;
server_name solar.lowtechmagazine.com;
@ -218,14 +218,14 @@ For this reason we redirect all our traffic to HTTPS via the following server di
Then we've set up SSL with the following tweaks:
:::console
:::nginx
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 180m;
SSL sessions only expire after three hours meaning that while someone browses the website, they don't need to renegotiate a new SSL session during this period:
:::console
:::nginx
# Enable server-side protection against BEAST attacks
We enable OCSP stapling which is quick way in which browsers can check whether the certificate is still active without incurring more round trips to the Certificate Issuer. Most tutorials recommend setting Google's `8.8.8.8` and `8.8.4.4` DNS servers but we don't want to use those. Instead we chose some servers provided through <https://www.opennic.org> that are close to our location:
@ -253,7 +253,7 @@ We enable OCSP stapling which is quick way in which browsers can check whether t
Last but not least, we set change the size of the SSL buffer to increase to so-called 'Time To First Byte'[^TTFB] which shortens the amount of time between passing between a click and elements changing on the screen:
:::console
:::nginx
# Lower the buffer size to increase TTFB
ssl_buffer_size 4k;
@ -291,7 +291,7 @@ Then the only thing you need to do in your NGINX config is to specify where your
