increase nginx config security, add early_preload for future http3, a…

…dd 443 udp port

config/nginx/nginx.conf

@@ -69,6 +69,7 @@ http {
     map_hash_bucket_size            512;
     # increase concurrency performance
     keepalive_requests              1000;
+    http2_push_preload              on;
 
     map $remote_addr $not_logging {
         default 1;
@@ -99,7 +100,7 @@ http {
     # intermediate configuration
     ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-    ssl_prefer_server_ciphers off;
+    ssl_prefer_server_ciphers on;
 
     # OCSP stapling
     ssl_stapling on;

docker-compose.yml

@@ -51,7 +51,8 @@ services:
       - updater
     ports:
       - "80:80"
-      - "443:443"
+      - "443:443/tcp"
+      - "443:443/udp"
     expose:
       - "8084"
     volumes: