
SSL Nginx ssl optimizations

Discussion in 'Feature Requests & Suggestions' started by pamamolf, Nov 23, 2017.

  1. pamamolf

    pamamolf Premium Member Premium Member

    4,068
    427
    83
    May 31, 2014
    Ratings:
    +832
    Local Time:
    5:35 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Hello :)

    As SSL is the way to go, I would like to recommend some Nginx optimizations:

    http://nginx.org/en/docs/http/configuring_https_servers.html


    SSL cache with a timeout .....

    I think that will help and will be great to have them out of the box :)

    What do you think George?

    Thank you
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,672
    Local Time:
    12:35 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Which timeout? Centmin Mod Nginx already sets the outlined SSL timeouts for SSL session resumption when an Nginx HTTP/2 HTTPS vhost is created:
    Code:
    ssl_session_cache      shared:SSL:10m;
    ssl_session_timeout    60m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2; 
     
  3. pamamolf

    I don't have those values in any of my configs:

    Shouldn't creating a self-signed certificate from menu 2 enable them and add them where they should be?
     
  4. eva2000

    If you created the HTTP/2 HTTPS vhost via Centmin Mod addons/acmetool.sh and Letsencrypt integration, those values are set in the vhost include file at /usr/local/nginx/conf/ssl_include.conf
     
  5. pamamolf

    Ok got it thanks :)
     
  6. eva2000

    It should be created for self-signed SSL cert Nginx vhosts too.

    Just tested in 123.09beta01 on CentOS 7; contents of the self-signed cert testdomain1.com SSL vhost at /usr/local/nginx/conf/conf.d/testdomain1.com.ssl.conf:

    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # server {
    #       listen   80;
    #       server_name testdomain1.com www.testdomain1.com;
    #       return 302 https://$server_name$request_uri;
    # }
    
    server {
      listen 443 ssl http2;
      server_name testdomain1.com www.testdomain1.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/testdomain1.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/testdomain1.com/testdomain1.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/testdomain1.com/testdomain1.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
    .. snipped ..
    

    It has the include file:
    Code (Text):
      include /usr/local/nginx/conf/ssl_include.conf;
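
As an added example (not part of the thread and not Centmin Mod's own code), this Python sketch follows `include` directives from a vhost file to report which file actually sets the session-resumption directives, which is why they do not appear in the vhost itself. The function names are hypothetical, the sample files are constructed from the snippets quoted above, and include paths are assumed to be absolute; it also reports any protocols in `ssl_protocols` that RFC 8996 deprecates.

```python
import glob
import os
import re
import tempfile

# Directives of interest; a leading '#' keeps commented-out lines from matching.
DIRECTIVE = re.compile(
    r"^\s*(include|ssl_session_cache|ssl_session_timeout|ssl_protocols)\s+([^;#]+);", re.M)
LEGACY = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")  # TLS 1.0/1.1 deprecated by RFC 8996

def effective_ssl(path, seen=None):
    """Map each directive to (value, defining file), following includes."""
    seen = set() if seen is None else seen
    real = os.path.realpath(path)
    if real in seen:          # guard against include loops
        return {}
    seen.add(real)
    found = {}
    with open(real) as fh:
        for name, value in DIRECTIVE.findall(fh.read()):
            if name == "include":
                # Assumption: absolute include paths (globs allowed), as in the thread.
                for inc in sorted(glob.glob(value.strip())):
                    found.update(effective_ssl(inc, seen))
            else:
                found[name] = (value.strip(), real)
    return found

def legacy_protocols(found):
    """Return the deprecated protocol names still enabled by ssl_protocols."""
    return [p for p in found.get("ssl_protocols", ("", ""))[0].split() if p in LEGACY]

def demo():
    """Run the check on constructed copies of the two files quoted in the thread."""
    with tempfile.TemporaryDirectory() as d:
        inc = os.path.join(d, "ssl_include.conf")
        vhost = os.path.join(d, "testdomain1.com.ssl.conf")
        with open(inc, "w") as fh:
            fh.write("ssl_session_cache      shared:SSL:10m;\n"
                     "ssl_session_timeout    60m;\n"
                     "ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;\n")
        with open(vhost, "w") as fh:
            fh.write("# server {\n#       listen   80;\n# }\n"
                     f"server {{\n  listen 443 ssl http2;\n  include {inc};\n}}\n")
        found = effective_ssl(vhost)
        where = {k: (v, os.path.basename(f)) for k, (v, f) in found.items()}
        return where, legacy_protocols(found)

if __name__ == "__main__":
    print(demo())
```

On a real server, call `effective_ssl()` with the vhost path from `/usr/local/nginx/conf/conf.d/` instead of running `demo()`.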