move some settings around

2021-04-20 19:26:34 +02:00 · 2021-04-20 19:26:34 +02:00 · 255de3fc3f
commit 255de3fc3f
parent 794c3d2f67
1 changed files with 13 additions and 18 deletions
--- a/nginx/mattermost.conf
+++ b/nginx/mattermost.conf
@ -28,10 +28,21 @@ server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    # logging
    access_log /var/log/nginx/mm.access.log;
    error_log /var/log/nginx/mm.error.log warn;
    # gzip for performance
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
    ## ssl
    ssl_dhparam /dhparams4096.pem;
    ssl_session_timeout 1d;
-    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    # intermediate configuration
@ -57,21 +68,7 @@ server {
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+    add_header Strict-Transport-Security "max-age=63072000" always;
    # logging
    access_log /var/log/nginx/mm.access.log;
    error_log /var/log/nginx/mm.error.log warn;
    # max allowed size of uploaded files
    client_max_body_size 256M;
    # gzip for performance
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
    ## locations
    # ACME-challenge
@ -87,7 +84,6 @@ server {
        return 200 "User-agent: *\nDisallow: /\n";
    }
    # API websocket location
    location ~ /api/v[0-9]+/(users/)?websocket$ {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
@ -108,7 +104,6 @@ server {
        proxy_pass http://backend;
    }
    # reverse proxy location
    location / {
        client_max_body_size 50M;
        proxy_set_header Connection "";