Differences

This shows you the differences between two versions of the page.

--- servers:linux:nginx_php_php-fpm [2026/04/29 14:39] – [nginx] Sean Rhone
+++ servers:linux:nginx_php_php-fpm [2026/06/03 00:27] (current) – [Let's Encrypt] more PQC Sean Rhone
@@ Line 34: / Line 34: @@
   sudo systemctl stop 'nginx' 'php-fpm'
-===== Start =====
-  sudo systemctl start 'nginx'
-  sudo systemctl start 'php-fpm'
 ====== Disable Defaults ======
@@ Line 47: / Line 41: @@
 ****
-  sudo mv '/etc/nginx/nginx.conf' '/etc/nginx/nginx.conf~'
+  sudo mv -fv '/etc/nginx/nginx.conf' '/etc/nginx/nginx.conf~'
 ===== PHP-FPM =====
@@ Line 53: / Line 47: @@
 ****
-  sudo mv '/etc/php8/fpm/php-fpm.d/www.conf' '/etc/php8/fpm/php-fpm.d/www.conf~'
+  sudo mv -fv '/etc/php8/fpm/php-fpm.d/www.conf' '/etc/php8/fpm/php-fpm.d/www.conf~'
 ===== Check Defaults =====
@@ Line 127: / Line 121: @@
 <code>
-add_header 'Strict-Transport-Security' 'max-age=63072000; includeSubdomains; preload' 'always';
+ add_header 'Strict-Transport-Security' 'max-age=63072000; includeSubdomains; preload' 'always';
-add_header 'X-Content-Type-Options' 'nosniff' 'always';
+ add_header 'X-Content-Type-Options' 'nosniff' 'always';
-add_header 'X-Frame-Options' 'sameorigin' 'always';
+ add_header 'X-Frame-Options' 'sameorigin' 'always';
-add_header 'X-XSS-Protection' '1; mode=block' 'always';
+ add_header 'X-XSS-Protection' '1; mode=block' 'always';
-add_header 'Cache-Control' 'max-age=604800, no-transform, public' 'always';
+ add_header 'Cache-Control' 'max-age=604800, no-transform, public' 'always';
-add_header 'Referrer-Policy' 'same-origin' 'always';
+ add_header 'Referrer-Policy' 'same-origin' 'always';
-add_header 'Expect-CT' 'max-age=0' 'always';
+ add_header 'Expect-CT' 'max-age=0' 'always';
-add_header 'Permissions-Policy' 'geolocation=(), microphone=(), payment=(), usb=(), vr=(), magnetometer=(), midi=(), camera=(), ambient-light-sensor=(), accelerometer=()' 'always';
+ add_header 'Permissions-Policy' 'geolocation=(), microphone=(), payment=(), usb=(), vr=(), magnetometer=(), midi=(), camera=(), ambient-light-sensor=(), accelerometer=()' 'always';
 # End</code>
@@ Line 182: / Line 176: @@
   * The empty CSP allows all and can be useful for new site bring-ups, and should be placed in site-specific configs underneath the ''include'' line(s)
-<code>    add_header Content-Security-Policy "default-src 'self'" always;</code>
+<code>add_header Content-Security-Policy "default-src 'self'" always;</code>
-<code>    add_header Content-Security-Policy "" always;</code>
+<code>add_header Content-Security-Policy "" always;</code>
 ====== SSL Certs ======
@@ Line 195: / Line 189: @@
 <code>
-ssl_certificate '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem';
+ ssl_certificate '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem';
-ssl_trusted_certificate '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem';
+ ssl_trusted_certificate '/etc/letsencrypt/live/realmofespionage.xyz/fullchain.pem';
-ssl_certificate_key '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem';
+ ssl_certificate_key '/etc/letsencrypt/live/realmofespionage.xyz/privkey.pem';
-ssl_session_timeout '10m';
+ ssl_session_timeout '10m';
-ssl_session_cache 'shared:SSL:10m';
+ ssl_session_cache 'shared:SSL:10m';
-ssl_session_tickets 'off';
+ ssl_session_tickets 'off';
-ssl_buffer_size '4k';
+ ssl_buffer_size '4k';
-ssl_protocols 'TLSv1.2' 'TLSv1.3';
+ ssl_protocols 'TLSv1.2' 'TLSv1.3';
-ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM';
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM';
-ssl_prefer_server_ciphers 'on';
+ ssl_prefer_server_ciphers 'on';
-ssl_ecdh_curve 'secp384r1';
+ ssl_ecdh_curve 'secp384r1:SecP384r1MLKEM1024:SecP256r1MLKEM768:X25519MLKEM768';
 # End</code>