fix(增加 nginx 默认配置)

gclm · gclm · commit febf0e36849e · 2020-06-01T18:51:20.000+08:00
diff --git a/config/nginx/snippets/compression.conf b/config/nginx/snippets/compression.conf
@@ -0,0 +1,9 @@
+# GZip 和 Brotli
+gzip            on;
+gzip_comp_level 6;
+gzip_min_length 1k;
+gzip_types      text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
+brotli          on;
+brotli_comp_level   6;
+brotli_min_length   1k;
+brotli_types    text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
diff --git a/config/nginx/snippets/default.conf b/config/nginx/snippets/default.conf
@@ -0,0 +1,9 @@
+proxy_redirect     off; 
+proxy_headers_hash_max_size 512;
+proxy_headers_hash_bucket_size 128; 
+proxy_set_header   Host              $host;
+proxy_set_header   X-Forwarded-Proto $scheme; 
+proxy_set_header   X-Real-IP         $remote_addr;
+proxy_set_header   X-Forwarded-For   $remote_addr;
+proxy_set_header   X-Forwarded-Host  $server_name;
+proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
diff --git a/config/nginx/snippets/ssl.conf b/config/nginx/snippets/ssl.conf
@@ -0,0 +1,17 @@
+#证书部分
+#ssl_certificate          /etc/nginx/ssl/fullchain.cer;
+#ssl_certificate_key      /etc/nginx/ssl/gclmit.club.key;
+#ssl_dhparam              /etc/nginx/ssl/dhparam.pem;
+
+#TLS 握手优化
+ssl_session_cache    shared:SSL:1m;
+ssl_session_timeout  5m;
+keepalive_timeout    75s;
+keepalive_requests   100;
+
+#TLS 版本控制
+ssl_protocols   TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ssl_ciphers     'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
+
+# 开启 1.3 o-RTT
+ssl_early_data  on;
diff --git a/include/nginx.sh b/include/nginx.sh
@@ -24,6 +24,10 @@ module_hotfixes=true
 EOF
 
 yum install -y nginx
+mkdir -p /etc/nginx/snippets
+wget -0 /etc/nginx/snippets/compression.conf https://gitee.com/gclm/one-key-linux/raw/master/config/nginx/snippets/compression.conf
+wget -0 /etc/nginx/snippets/default.conf https://gitee.com/gclm/one-key-linux/raw/master/config/nginx/snippets/default.conf
+wget -0 /etc/nginx/snippets/ssl.conf https://gitee.com/gclm/one-key-linux/raw/master/config/nginx/snippets/ssl.conf
 clear
 echo "Nginx 安装完成"
 nginx -v
diff --git a/include/tengine-2.3.2.sh b/include/tengine-2.3.2.sh
@@ -62,6 +62,11 @@ chmod 700 /var/cache/nginx/*
 # nginx 默认配置
 mkdir /etc/nginx/conf.d
 wget -O nginx.conf https://gitee.com/gclm/one-key-linux/raw/master/config/nginx/nginx.conf
+
+mkdir /etc/nginx/snippets
+wget -0 /etc/nginx/snippets/compression.conf https://gitee.com/gclm/one-key-linux/raw/master/config/nginx/snippets/compression.conf
+wget -0 /etc/nginx/snippets/default.conf https://gitee.com/gclm/one-key-linux/raw/master/config/nginx/snippets/default.conf
+wget -0 /etc/nginx/snippets/ssl.conf https://gitee.com/gclm/one-key-linux/raw/master/config/nginx/snippets/ssl.conf
 }
 
 main(){
