Skip to content

Instantly share code, notes, and snippets.

@centminmod centminmod/caddybench.domain.com.ssl.conf Secret
Last active Mar 5, 2019

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
caddy 0.10.9 vs nginx h2load test 16/09/17 config files
Raw
caddybench.domain.com.ssl.conf
# /etc/caddy/conf.d/caddybench.domain.com.ssl.conf
caddybench.domain.com:443 {
gzip {
level 5
min_length 1400
}
#browse
header / {
#Strict-Transport-Security "max-age=31536000"
#Cache-Control "max-age=86400"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection "1; mode=block"
X-Powered-By "Caddy via CentminMod"
#-Server
}
timeouts {
read 10s
header 10s
write 20s
idle 2m
}
root /home/nginx/domains/caddybench.domain.com/public
fastcgi / 127.0.0.1:9000 {
ext .php
split .php
index index.php
connect_timeout 10s
read_timeout 10s
send_timeout 10s
}
errors /home/nginx/domains/caddybench.domain.com/log/caddy-caddybench.domain.com-errors.log {
rotate_size 100 # Rotate after 100 MB
rotate_age 14 # Keep log files for 14 days
rotate_keep 10 # Keep at most 10 log files
rotate_compress
}
log / /home/nginx/domains/caddybench.domain.com/log/caddy-caddybench.domain.com-access.ssl.log "{remote} {when} {method} {uri} {proto} {status} {size} {>User-Agent} {latency}" {
rotate_size 100 # Rotate after 100 MB
rotate_age 14 # Keep log files for 14 days
rotate_keep 10 # Keep at most 10 log files
rotate_compress
}
}
Raw
caddybench.domain.com.ssl.conf-proxycache.conf
# /etc/caddy/conf.d/caddybench.domain.com.ssl.conf
caddybench.domain.com:443 {
gzip {
level 5
min_length 1400
}
proxy / caddybench.domain.com:80
cache {
match_path /
match_header Content-Type image/jpg image/png text/html
status_header X-Cache-Status
default_max_age 5m
path /tmp/caddy-cache
}
#browse
header / {
#Strict-Transport-Security "max-age=31536000"
#Cache-Control "max-age=86400"
X-Content-Type-Options "nosniff"
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection "1; mode=block"
X-Powered-By "Caddy via CentminMod"
#-Server
}
timeouts {
read 10s
header 10s
write 20s
idle 2m
}
root /home/nginx/domains/caddybench.domain.com/public
fastcgi / 127.0.0.1:9000 {
ext .php
split .php
index index.php
connect_timeout 10s
read_timeout 10s
send_timeout 10s
}
errors /home/nginx/domains/caddybench.domain.com/log/caddy-caddybench.domain.com-errors.log {
rotate_size 100 # Rotate after 100 MB
rotate_age 14 # Keep log files for 14 days
rotate_keep 10 # Keep at most 10 log files
rotate_compress
}
log / /home/nginx/domains/caddybench.domain.com/log/caddy-caddybench.domain.com-access.ssl.log "{remote} {when} {method} {uri} {proto} {status} {size} {>User-Agent} {latency}" {
rotate_size 100 # Rotate after 100 MB
rotate_age 14 # Keep log files for 14 days
rotate_keep 10 # Keep at most 10 log files
rotate_compress
}
}
Raw
nginxbench.domain.com.ssl.conf
# /usr/local/nginx/conf/conf.d/nginxbench.domain.com.ssl.conf
#x# HTTPS-DEFAULT
server {
server_name nginxbench.domain.com www.nginxbench.domain.com;
return 302 https://$server_name$request_uri;
include /usr/local/nginx/conf/staticfiles.conf;
}
# server_name nginxbench.domain.com www.nginxbench.domain.com;
server {
listen 443 ssl http2;
server_name nginxbench.domain.com www.nginxbench.domain.com;
include /usr/local/nginx/conf/ssl/nginxbench.domain.com/nginxbench.domain.com.crt.key.conf;
include /usr/local/nginx/conf/ssl_include.conf;
http2_max_field_size 16k;
http2_max_header_size 32k;
# mozilla recommended
#ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
#add_header Alternate-Protocol 443:npn-spdy/3;
# before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
#spdy_headers_comp 5;
ssl_buffer_size 1369;
ssl_session_tickets on;
# enable ocsp stapling
resolver 8.8.8.8 8.8.4.4 valid=10m;
resolver_timeout 10s;
ssl_stapling on;
ssl_stapling_verify on;
# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;
# limit_conn limit_per_ip 16;
# ssi on;
access_log /home/nginx/domains/nginxbench.domain.com/log/access.log combined buffer=256k flush=5m;
error_log /home/nginx/domains/nginxbench.domain.com/log/error.log;
include /usr/local/nginx/conf/autoprotect/nginxbench.domain.com/autoprotect-nginxbench.domain.com.conf;
root /home/nginx/domains/nginxbench.domain.com/public;
# uncomment cloudflare.conf include if using cloudflare for
# server and/or vhost site
#include /usr/local/nginx/conf/cloudflare.conf;
include /usr/local/nginx/conf/503include-main.conf;
location / {
include /usr/local/nginx/conf/503include-only.conf;
# block common exploits, sql injections etc
#include /usr/local/nginx/conf/block.conf;
# Enables directory listings when index file not found
#autoindex on;
# Shows file listing times as local time
#autoindex_localtime on;
# Wordpress Permalinks example
#try_files $uri $uri/ /index.php?q=$uri&$args;
}
include /usr/local/nginx/conf/pre-staticfiles-local-nginxbench.domain.com.conf;
include /usr/local/nginx/conf/pre-staticfiles-global.conf;
include /usr/local/nginx/conf/staticfiles.conf;
include /usr/local/nginx/conf/php.conf;
include /usr/local/nginx/conf/drop.conf;
#include /usr/local/nginx/conf/errorpage.conf;
include /usr/local/nginx/conf/vts_server.conf;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.