Skip to content

Instantly share code, notes, and snippets.

View loodachina's full-sized avatar

Igor Radulovic loodachina

4 followers · 1 following
View GitHub Profile
@loodachina
loodachina / Instructions.sh
Created April 26, 2018 01:05 — forked from GhazanfarMir/Instructions.sh
Install PHP7.2 NGINX and PHP7.2-FPM on Ubuntu 16.04
########## Install NGINX ##############
# Install software-properties-common package to give us add-apt-repository package
sudo apt-get install -y software-properties-common
# Install latest nginx version from community maintained ppa
sudo add-apt-repository ppa:nginx/stable
# Update packages after adding ppa
@loodachina
loodachina / nginx-tuning.md
Created April 26, 2018 01:03 — forked from denji/nginx-tuning.md
NGINX tuning for best performance

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

@loodachina
loodachina / letsencrypt_2017.md
Created April 26, 2018 01:00 — forked from cecilemuller/letsencrypt_2020.md
How to setup Let's Encrypt for Nginx on Ubuntu 16.04 (including IPv6, HTTP/2 and A+ SLL rating)

How to setup Let's Encrypt for Nginx on Ubuntu 16.04 (including IPv6, HTTP/2 and A+ SLL rating)

There are two main modes to run the Let's Encrypt client (called Certbot):

  • Standalone: replaces the webserver to respond to ACME challenges
  • Webroot: needs your webserver to serve challenges from a known folder.

Webroot is better because it doesn't need to replace Nginx (to bind to port 80).

In the following, we're setting up mydomain.com. HTML is served from /var/www/mydomain, and challenges are served from /var/www/letsencrypt.

@loodachina
loodachina / nginx.conf
Created April 26, 2018 00:59 — forked from nrollr/nginx.conf
NGINX config for SSL with Let's Encrypt certs
# Advanced config for NGINX
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
# Redirect all HTTP traffic to HTTPS
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://$host$request_uri;
@loodachina
loodachina / nginx.conf
Created April 26, 2018 00:58 — forked from plentz/nginx.conf
Best nginx configuration for improved security(and performance). Complete blog post here http://tautt.com/best-nginx-configuration-for-security/
# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
@loodachina
loodachina / TLS
Created April 26, 2018 00:40 — forked from jult/TLS
My nginx include for TLS/SSL A+ rating at ssllabs.com/ssltest using nginx/1.13.10
# version 2018 april 09
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# Tolerant (compatibility with WinXP and pre android 5 is bad, but still supports wide range of clients: Compatible with Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1!):
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_certificate /etc/letsencrypt/live/yardomain.org/fullchain.pem;
ssl_certif