I did the monthly configuration revision on my systems and decided to do some changes to my web server and this website.
Don’t load JavaScript when not needed (Hugo)
Originally I had KaTeX included on every page on here, but decided to limit it only to pages where I actually need LaTeX support. The majority of pages on here does not use LaTeX after all.
I did this by adjusting the Hugo template to only include it when the page parameter needLaTeX is set.
{{- if .Params.needLaTex }}
<!-- KaTeX includes here -->
{{- end }}
So now on all pages I actually need LaTeX, I can just specify something in the likes of:
---
title: "LaTeX Test"
needLaTeX: true
---
This should now have considerably reduced the browser footprint of my site.
Brotli on NGINX
Brotli is a next-generation compression format and algorithm.
It provides considerable better compression (albeit with higher server CPU load) than the traditional
gzip and deflate compressions that are normally used with HTTP.
I’m not going through the install here, as the paths and packages will be very system specific (and I run FreeBSD).
brotli on;
brotli_static on;
brotli_types *;
brotli on|off enables or disables on-the-fly compression.
brotli_static on|off|always checks whether static files are present in a version with a .br suffix and if so serve those. The always option will always serve those regardless whether the browser supports it or not.
brotli_types [mime] specify MIME types of files eligible for compression.
TLS Tweaks on NGINX
Disable unsafe TLS 1.0 and TLS 1.1
I explicitly added a ssl_protocols directive without TLSv1 and TLSv1.1, to only allow TLS 1.2 and TLS 1.3:
ssl_protocols TLSv1.3 TLSv1.2;
Also I enabled server side preferred ciphers:
ssl_prefer_server_ciphers on;
That’s it for now.