Optimize NGiNX Performance


Some snippets to improve Nginx Performance. Based on: https://bjornjohansen.no/optimizing-https-nginx

Connection Credentials Caching

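http {
    # One cache shared by all worker processes, so a returning client can
    # resume on any worker. 1m holds roughly 4000 sessions; 10m is about 40000.
    ssl_session_cache shared:SSL:10m;

    # How long a cached session may be resumed. A longer lifetime saves
    # handshakes but also keeps session secrets in memory for longer.
    ssl_session_timeout 180m;

    # ... (rest of the http block)
}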

DH Parameters for DHE Handshake

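# Shell: generate the DH group once on the server. Options come before the
# bit size; newer OpenSSL releases reject or ignore options placed after it.
openssl dhparam -out /etc/nginx/cert/dhparam.pem 2048

# nginx (http or server block): use that group for DHE key exchange.
# Without this directive the DHE suites in ssl_ciphers are not negotiated
# on current nginx versions.
ssl_dhparam /etc/nginx/cert/dhparam.pem;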

All in one security bundle

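server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Certificate chain presented to clients, and its private key.
    # The key file should be readable only by the account that starts nginx.
    ssl_certificate /etc/nginx/cert/bjornjohansen.no.certchain.crt;
    ssl_certificate_key /etc/nginx/cert/bjornjohansen.no.key;

    # Session cache shared between workers so returning clients can resume
    # instead of repeating the full handshake.
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 60m;

    # The server's cipher order wins over the client's (TLS 1.2 and below).
    ssl_prefer_server_ciphers on;

    # Ephemeral (EC)DH key exchange only; anonymous DH/ECDH and MD5 are excluded.
    # NOTE(review): this list still admits CBC-mode AES suites. Check it
    # against a current server-side TLS recommendation before deploying.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

    # Custom DH group for the DHE suites above.
    ssl_dhparam /etc/nginx/cert/dhparam.pem;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop that
    # parameter on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # OCSP stapling: nginx fetches the OCSP response and sends it in the handshake.
    # ssl_stapling_verify checks that response against ssl_trusted_certificate,
    # which must hold the issuing chain (intermediates and root).
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/cert/trustchain.crt;
    # Used to look up the OCSP responder's hostname. These are public
    # resolvers reached over plain DNS; a resolver on a trusted local
    # network reduces the exposure to spoofed answers.
    resolver 8.8.8.8 8.8.4.4;

    # HSTS for one year. Enable the includeSubDomains variant only when every
    # subdomain is served over HTTPS. An add_header inside a nested location
    # replaces the inherited ones, so repeat this header there.
    #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Rest of your regular config goes here:
    # […]

}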

Created on 1/25/2018