gfjardim / docker-containers

Update install.sh #42

Closed Scott-St closed 9 years ago

Scott-St commented 9 years ago

When adding a Dropbox external folder, gateway timeouts keep happening on larger files. Adjusted the keepalive timeout to 15 mins and added proxy timeouts of 20 mins. The keepalive may not be required to change. Timeouts happen since the server downloads the file from Dropbox before sending it to the client. If the timeout is too low, it doesn't get downloaded before the timeout to send to client gets hit:

keepalive_timeout 1200;

proxy_read_timeout 1800;

fastcgi_read_timeout 1800;

Could be a lower setting, but higher is better, right?

Create DH Parameters File

openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

ssl_dhparam /etc/ssl/certs/dhparam.pem;

Enhanced SSL configuration by restricting to strong ciphers:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

ssl_prefer_server_ciphers on;

ssl_session_cache shared:SSL:10m;

Add HSTS:

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
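A review aid for the directives proposed in the description above, added here as an example and not part of the PR or the project's code: a small Python audit that flags deprecated protocol versions, 3DES and static-RSA entries in `ssl_ciphers`, long timeouts, and the HSTS preload commitment. The function names, the 300-second threshold and the shortened cipher list are assumptions of this example, and the static-RSA check recognises only the AES and 3DES suite names.

```python
import re

# Constructed sample: directives from the PR description, cipher list shortened.
SAMPLE_CONF = """
keepalive_timeout 1200;
proxy_read_timeout 1800;
fastcgi_read_timeout 1800;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:ECDHE-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:HIGH:!aNULL:!RC4";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
"""

OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
MAX_TIMEOUT_S = 300  # hypothetical review threshold, not an nginx default


def parse_directives(conf):
    """Return (name, argument-string) pairs for simple one-line directives."""
    return re.findall(r"^\s*(\w+)\s+(.*?);\s*$", conf, flags=re.M)


def audit(conf):
    """Return a sorted list of (directive, finding) tuples."""
    findings = set()
    for name, args in parse_directives(conf):
        if name == "ssl_protocols":
            for proto in args.split():
                if proto in OLD_PROTOCOLS:
                    findings.add((name, f"deprecated protocol {proto}"))
        elif name == "ssl_ciphers":
            for entry in args.strip('"').split(":"):
                if entry.startswith(("!", "-")):  # exclusions are not offered
                    continue
                if "DES-CBC3" in entry or "3DES" in entry:
                    findings.add((name, f"3DES (64-bit block) offered: {entry}"))
                if re.match(r"(AES\d+|DES-CBC3)-", entry):  # no (EC)DHE prefix
                    findings.add((name, f"RSA key exchange, no forward secrecy: {entry}"))
        elif name.endswith("_timeout") and args.isdigit() and int(args) > MAX_TIMEOUT_S:
            findings.add((name, f"{args}s exceeds review threshold {MAX_TIMEOUT_S}s"))
        elif name == "add_header" and args.lower().startswith("strict-transport-security"):
            age = re.search(r"max-age=(\d+)", args)
            if "preload" in args.lower() and age:
                findings.add((name, f"HSTS preload requested, max-age {int(age.group(1)) // 86400} days"))
    return sorted(findings)


if __name__ == "__main__":
    for directive, finding in audit(SAMPLE_CONF):
        print(f"{directive}: {finding}")
```

Note that `!DES` in a cipher string excludes single DES only, which is why the `DES-CBC3` entries are still reported.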