From 1286294c71f03daf709bb67e629ed86db6c8b673 Mon Sep 17 00:00:00 2001
From: Keith Morgan
Date: Wed, 24 Feb 2016 13:33:55 -0600
Subject: [PATCH 1/4] Removed obsolete spdy_headers_comp directive.
---
 nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nginx.conf b/nginx.conf
index f17c471e..6ff491f8 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -117,8 +117,8 @@ http {
 ## Fill in with your own resolver.
 resolver 8.8.8.8;
- ## Use fast header compression for SPDY.
- spdy_headers_comp 1;
+ ## Use fast header compression for SPDY in nginx versions 1.3.15-1.8.
+ #spdy_headers_comp 1;
 ## Uncomment to increase map_hash_bucket_size. If start getting
 ## [emerg]: could not build the map_hash, you should increase
From e1b117e04903408e36499ed042edb50177c2968e Mon Sep 17 00:00:00 2001
From: Keith Morgan
Date: Wed, 24 Feb 2016 13:46:23 -0600
Subject: [PATCH 2/4] Updated fastcgi_cache_key to use $request_method.
---
 apps/drupal/microcache_fcgi_auth.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/drupal/microcache_fcgi_auth.conf b/apps/drupal/microcache_fcgi_auth.conf
index 6a481581..7b2b7c3c 100644
--- a/apps/drupal/microcache_fcgi_auth.conf
+++ b/apps/drupal/microcache_fcgi_auth.conf
@@ -3,7 +3,7 @@
 ## The cache zone referenced.
 fastcgi_cache microcache;
 ## The cache key.
-fastcgi_cache_key $cache_uid@$scheme$host$request_uri;
+fastcgi_cache_key $cache_uid@$scheme$request_method$host$request_uri;
 ## For 200 and 301 make the cache valid for 15s.
 fastcgi_cache_valid 200 301 15s;
From 63018e1b5ed5749947580ec410748333d7f312a3 Mon Sep 17 00:00:00 2001
From: Keith Morgan
Date: Wed, 24 Feb 2016 13:53:19 -0600
Subject: [PATCH 3/4] Changed ssl_protocols to use only TLS SSL ciphers.
---
 nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nginx.conf b/nginx.conf
index 6ff491f8..100ffaf0 100644
--- a/nginx.conf
+++ b/nginx.conf
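Review bot: In PATCH 2/4 (apps/drupal/microcache_fcgi_auth.conf) the comment `## The cache key.` does not say what each part of the key is for, and in an authenticated-user cache that is the part a later editor must not break. Judging by its name, `$cache_uid` is what keeps one logged-in user's cached pages from being served to another; confirm that the map which sets it never yields an empty value for an authenticated session. I would expand the comment to something like `## Cache key: $cache_uid separates entries per user; $request_method keeps HEAD and GET responses from sharing an entry.` Only the auth variant is changed in this series, so any sibling microcache includes that still use the old key format should be checked for the same change.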
@@ -100,8 +100,8 @@ http {
 ## for crufty clients.
 ssl_ciphers ECDH+aRSA+AESGCM:ECDH+aRSA+SHA384:ECDH+aRSA+SHA256:ECDH:EDH+CAMELLIA:EDH+aRSA:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA;
- ## No SSL2 support. Legacy support of SSLv3.
- ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+ ## Enable TLS only. No SSL support.
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ## Pregenerated Diffie-Hellman parameters.
 ssl_dhparam /etc/nginx/dh_param.pem;
From 1fde747b8e4f3a889e9856e5b39a4fb1154daf57 Mon Sep 17 00:00:00 2001
From: Keith Morgan
Date: Wed, 24 Feb 2016 13:55:42 -0600
Subject: [PATCH 4/4] Disabled access_log in php_fpm_status_vhost.
---
 php_fpm_status_vhost.conf | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/php_fpm_status_vhost.conf b/php_fpm_status_vhost.conf
index b62f7106..4f57501d 100644
--- a/php_fpm_status_vhost.conf
+++ b/php_fpm_status_vhost.conf
@@ -14,6 +14,7 @@ location = /fpm-status {
 return 404;
 }
 fastcgi_pass www0;
+ access_log off;
 }
 ## The ping page is at /ping and returns the string configured at the php-fpm level.
@@ -23,6 +24,7 @@ location = /ping {
 return 404;
 }
 fastcgi_pass www0;
+ access_log off;
 }
 ## This is for the second pool. It assumes that you've configured
@@ -37,6 +39,7 @@ location = /fpm-status-zwei {
 return 404;
 }
 fastcgi_pass www1;
+ access_log off;
 }
 ## The ping page is at /ping and returns the string configured at the php-fpm level.
@@ -46,6 +49,7 @@ location = /ping-zwei {
 return 404;
 }
 fastcgi_pass www1;
+ access_log off;
 }
 ## This is for the third pool that acts as backup. It assumes that
@@ -61,6 +65,7 @@ location = /fpm-status-drei {
 return 404;
 }
 fastcgi_pass www2;
+ access_log off;
 }
 ## The ping page is at /ping and returns the string configured at the php-fpm level.
@@ -70,4 +75,5 @@ location = /ping-drei {
 return 404;
 }
 fastcgi_pass www2;
+ access_log off;
 }
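Review bot: In PATCH 3/4 (nginx.conf, hunk at line 100) the new `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1, which RFC 8996 deprecates. Unless a known client population needs them, I would use `ssl_protocols TLSv1.2;` and add `TLSv1.3` where the nginx and OpenSSL builds support it. The `ssl_ciphers` context line is untouched and still ends with the non-forward-secret CBC suites `CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA` kept "for crufty clients", so the legacy fallback remains although SSLv3 itself is gone. The `+SSLv3` token in that list only moves suites to the end of the preference order and does not enable the protocol, which a short comment could state. The enclosing `http` block continues outside the hunk.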
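Review bot: In PATCH 4/4 (php_fpm_status_vhost.conf) `access_log off;` is set for the whole location in all six hunks (/fpm-status, /ping and their -zwei and -drei variants), so the requests answered by the `return 404;` guard visible in the context appear to go unlogged as well. Those rejected requests are the record of a client probing the status pages from an address that is not allowed, and dropping them removes a detection signal. If the aim is only to silence monitoring noise, replace the directive with a conditional one that still records the denied case, e.g. `access_log <log_path> combined if=$<guard_variable>;`, where both placeholders must be filled from the deployment. The `if` line that names the guard variable is above each hunk and not visible here, so confirm it there.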