From 364e8a98ad25127f2a51696ec03729e3a783044f Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Sat, 25 May 2024 22:16:47 +0300
Subject: 2024-05-25
---
 modules/nginx.nix | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
(limited to 'modules/nginx.nix')
diff --git a/modules/nginx.nix b/modules/nginx.nix
index ed34237..b912e22 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -55,13 +55,16 @@ in
 serverTokens = false;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
+ recommendedBrotliSettings = lib.mkDefault true;
+ recommendedGzipSettings = lib.mkDefault true;
+ recommendedOptimisation = lib.mkDefault true;
+ recommendedProxySettings = lib.mkDefault true;
+ recommendedTlsSettings = lib.mkDefault true;
+ recommendedZstdSettings = lib.mkDefault true;
 commonHttpConfig = concatStrings [
 ''
+ access_log syslog:server=unix:/dev/log;
 add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet";
 ''
 (optionalString (hasAttr "wireguard" this) (
@@ -100,6 +103,8 @@ in
 ] ) cfg.virtualHosts ));
+
+ sslDhparam = config.security.dhparams.params.nginx.path;
 };
 fail2ban.jails = {
@@ -114,6 +119,11 @@ in
 };
 };
+ security.dhparams = {
+ enable = true;
+ params.nginx = { };
+ };
+
 networking.firewall.allowedTCPPorts = [
 80
 443
--
cgit 1.4.1
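Review bot: Wrapping `recommendedTlsSettings` in `lib.mkDefault` in the first hunk lets any other module that assigns `false` at normal priority win without a merge conflict, so the TLS hardening can be switched off silently. I would keep that one option as a plain `recommendedTlsSettings = true;`, as `serverTokens = false;` above it still is, and leave `mkDefault` on the compression, proxy and optimisation toggles. Separately, the added `access_log syslog:server=unix:/dev/log;` sends http-level access logs to syslog, and the `fail2ban.jails` definitions are only partly visible in this patch, so confirm that any jail matching nginx access lines reads from the journal rather than a log file path. The enclosing attribute set starts and ends outside this hunk.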
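Review bot: `sslDhparam` in the second hunk points at `security.dhparams.params.nginx`, which the third hunk declares as an empty `params.nginx = { };`, so the DH group size is whatever `security.dhparams.defaultBitSize` resolves to on the deployed nixpkgs rather than a value this module pins. I would state it explicitly, for example `params.nginx.bits = 3072;` (pick the size your client base tolerates). A one-line comment such as `# DH parameters for the DHE cipher suites; size pinned deliberately` would also help, assuming DHE suites are still in the cipher list in use. That way a change in the upstream default does not silently weaken or alter the key exchange.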