Matrix-Mirrors/matrix.grapheneos.org
1
0
Fork 0
mirror of https://github.com/GrapheneOS/matrix.grapheneos.org.git synced 2025-02-23 08:09:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

disable keepalive by default

Browse Source 
No need for keepalive for the internal socket.
This commit is contained in:
Daniel Micay 2024-03-20 19:28:05 -04:00
parent 15318cab02
commit 5054d718cf
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
nginx/nginx.conf
View File

@ -26,7 +26,7 @@ http {
sendfile_max_chunk 256k; sendfile_max_chunk 256k;
tcp_nopush on; tcp_nopush on;
keepalive_requests 256; keepalive_requests 256;
keepalive_timeout 3m; keepalive_timeout 0;
server_tokens off; server_tokens off;
msie_padding off; msie_padding off;
@ -97,8 +97,6 @@ http {
listen 80 default_server backlog=4096; listen 80 default_server backlog=4096;
listen [::]:80 default_server backlog=4096; listen [::]:80 default_server backlog=4096;
keepalive_timeout 0;
# https://trac.nginx.org/nginx/ticket/2012 # https://trac.nginx.org/nginx/ticket/2012
location / { location / {
return 404; return 404;
@ -110,8 +108,6 @@ http {
listen [::]:80; listen [::]:80;
server_name matrix.grapheneos.org element.grapheneos.org; server_name matrix.grapheneos.org element.grapheneos.org;
keepalive_timeout 0;
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
root /srv/certbot; root /srv/certbot;
} }
@ -126,8 +122,6 @@ http {
listen [::]:443 default_server ssl http2 backlog=4096; listen [::]:443 default_server ssl http2 backlog=4096;
ssl_reject_handshake on; ssl_reject_handshake on;
keepalive_timeout 0;
# https://trac.nginx.org/nginx/ticket/2012 # https://trac.nginx.org/nginx/ticket/2012
location / { location / {
return 404; return 404;
@ -139,6 +133,8 @@ http {
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name matrix.grapheneos.org; server_name matrix.grapheneos.org;
keepalive_timeout 3m;
include snippets/security-headers.conf; include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "same-origin" always; add_header Cross-Origin-Resource-Policy "same-origin" always;
add_header Content-Security-Policy "font-src 'none'; manifest-src 'none'; object-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'" always; add_header Content-Security-Policy "font-src 'none'; manifest-src 'none'; object-src 'none'; script-src 'none'; style-src 'none'; frame-ancestors 'none'" always;
@ -184,6 +180,8 @@ http {
include root_element.grapheneos.org.conf; include root_element.grapheneos.org.conf;
keepalive_timeout 3m;
include snippets/security-headers.conf; include snippets/security-headers.conf;
add_header Cross-Origin-Resource-Policy "cross-origin" always; add_header Cross-Origin-Resource-Policy "cross-origin" always;
add_header Content-Security-Policy "font-src 'self'; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'" always; add_header Content-Security-Policy "font-src 'self'; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'" always;