initial commit

angie/j2cfg.yml

@@ -0,0 +1,60 @@
+cache_bypass:
+  - '$http_authorization'
+  - '$http_pragma'
+  - '$http_upgrade'
+
+compress_types:
+  - application/atom+xml
+  - application/javascript
+  - application/json
+  - application/vnd.api+json
+  - application/rss+xml
+  - application/x-javascript
+  - application/xhtml+xml
+  - application/xml
+  - image/svg+xml
+  - image/x-icon
+  - text/css
+  - text/javascript
+  - text/plain
+  - text/xml
+
+request_headers:
+  ## '$req_connection' is defined in /angie/autoconf/http-request-headers-basic.conf.j2
+  Connection: '$req_connection'
+  Upgrade: '$http_upgrade'
+  ## do not pass Accept-Encoding to backend
+  Accept-Encoding: ""
+  ## almost all browsers doesn't support this
+ #Early-Data: '$ssl_early_data'
+  Early-Data: ""
+
+response_headers: {}
+
+tls:
+  ## https://docs.openssl.org/3.0/man3/SSL_CONF_cmd/#supported-configuration-file-commands
+  conf_cmd:
+    Options: PrioritizeChaCha
+  stapling:
+    enable: false
+    verify: true
+  profiles:
+    modern:
+      protocols: TLSv1.3
+     #prefer_server_ciphers: off
+      session_tickets: off
+      session_timeout: 1d
+    intermediate:
+      protocols: TLSv1.2 TLSv1.3
+     #prefer_server_ciphers: off
+      ciphers: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+      dhparam: tls/ffdhe2048.pem
+      session_tickets: off
+      session_timeout: 1d
+    old:
+      protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
+      prefer_server_ciphers: on
+      ciphers: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
+      dhparam: tls/dh1024.pem
+      session_tickets: off
+      session_timeout: 1d