{ config, pkgs, ... }:


{

networking.firewall.allowedTCPPorts = [80 443 ];

services.nginx = {
	appendHttpConfig= ''server_names_hash_bucket_size 64;'';
        enable = true;
	sslProtocols = "TLSv1 TLSv1.1 TLSv1.2";
#	sslCiphers = "DHE+RSA+AES128+SHA:EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL";
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;
        recommendedTlsSettings = false;
    };
}