From 9983c2dc9388fe7a10c02d6e2754485c5e7a5acd Mon Sep 17 00:00:00 2001
From: nokonoko <neku@pomf.se>
Date: Wed, 23 Jun 2021 13:13:08 +0200
Subject: [PATCH] better nginx config

File download domain should not use HTTP/2, HTTP/1 is usually a tad faster at delivering downloads.
---
 templates/nginx_confs/A.Y.conf   | 7 ++++++-
 templates/nginx_confs/X.Y.conf   | 9 +++++----
 templates/nginx_confs/nginx.conf | 3 ---
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/templates/nginx_confs/A.Y.conf b/templates/nginx_confs/A.Y.conf
index e454247..3c10eab 100644
--- a/templates/nginx_confs/A.Y.conf
+++ b/templates/nginx_confs/A.Y.conf
@@ -1,10 +1,15 @@
 server{
-listen          443 ssl http2;
+listen          443 ssl;
 server_name     A.Y www.A.Y;
 ssl on;
 ssl_certificate /etc/letsencrypt/live/A.Y/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/A.Y/privkey.pem;
 ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ssl_ecdh_curve secp384r1;
+ssl_buffer_size 4k;
+ssl_session_tickets off;
+ssl_session_timeout 24h;
 
 root            /var/www/uguu/files/;
 autoindex       off;
diff --git a/templates/nginx_confs/X.Y.conf b/templates/nginx_confs/X.Y.conf
index a66b266..6cf829b 100644
--- a/templates/nginx_confs/X.Y.conf
+++ b/templates/nginx_confs/X.Y.conf
@@ -7,8 +7,9 @@ ssl_certificate_key /etc/letsencrypt/live/X.Y/privkey.pem;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
 ssl_ecdh_curve secp384r1;
-ssl_buffer_size 2k;
+ssl_buffer_size 4k;
 ssl_session_tickets off;
+ssl_session_timeout 24h;
 
 root /var/www/uguu/dist/;
 autoindex		off;
@@ -16,9 +17,9 @@ access_log      off;
 index index.html index.php;
 etag on;
 
-location ~* \.(?:css|js|jpg|jpeg|gif|png|ico|xml|eot|woff|woff2|ttf|svg|otf)$ {
-add_header        Cache-Control "public";
-expires           30d;
+location ~* \.(css|js|jpg|jpeg|gif|png|ico|xml|eot|woff|woff2|ttf|svg|otf|x-icon|avif|webp|apng|min.js|min.css)$ {
+add_header Cache-Control "public";
+expires 30d;
 }
 
  gzip on;
diff --git a/templates/nginx_confs/nginx.conf b/templates/nginx_confs/nginx.conf
index 370acd0..24b7d70 100644
--- a/templates/nginx_confs/nginx.conf
+++ b/templates/nginx_confs/nginx.conf
@@ -12,9 +12,6 @@ events {
 }
 
 http {
-ssl_session_cache shared:SSL:5m;
-ssl_session_timeout 12h;
-ssl_session_tickets off;
 
 ##
 # Basic Settings