Tran­si­tion to nginx: part 3 — short and easy con­fig snip­pets

After some medium-difficoulty tran­si­tions in part 1 and part 2, here some easy ones:

php­MyAd­min: take the basics from one of the two oth­er blog posts (see above) with­out loca­tion direc­tives. For “loca­tion /” set the doc­u­ment root and copy the “loca­tion ~ \.php” from the con­fig of one of the parts above. Done.

TT-RSS: take the con­fig like for php­MyAd­min and add (assum­ing it is in the root of the serv­er, else you have to add the path in the front of the loca­tion)

location ^~ /(utils|templates|schema|cache|lock|locale|classes) {
     deny all;
}

Allow client-side caching for sta­t­ic con­tent:

location ~* \.(?:jpe?g|gif|png|ico|cur|gz|bz2|xz|tbz|tgz|txz|svg|svgz|mp4|ogg|ogv|webm|htc|css|js|
pdf|zip|rar|tar|txt|conf)$ {
    try_files $uri =404;

    expires 1w;     # If you are not a big site,

                    # and don't change static content often,

                    # 1 week is not bad.
    access_log off; # If you don't need the logs
    add_header Cache-Control "public";
}

Secu­ri­ty: Despite the fact that the docs I’ve read tell that no-SSLv3 is the default, the first set­ting makes a dif­fer­ence (test­ed via SSLlabs’ SSLtest).

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # No SSLv 2/3
ssl_dhparam /path/to/dhparams.pem;   # generate via "openssl dhparam -out /path/to/dhparams.pem 2048"

 

Send to Kin­dle

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.