From a4dd4b62375bcfd9f48e99967ad1ea3643bba070 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Fri, 3 Jan 2025 06:45:40 -0700
Subject: [PATCH] Disable gzip

---
 etc/nginx/conf.d/default.conf | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf
index 5b4050b..5bdfa19 100644
--- a/etc/nginx/conf.d/default.conf
+++ b/etc/nginx/conf.d/default.conf
@@ -28,14 +28,18 @@ proxy_hide_header Strict-Transport-Security;
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 
 ## The following settings need to be declared manually per vhost:
-# ssl_certificate
-# ssl_certificate_key
-# ssl_trusted_certificate
-# ssl_stapling_file
+## ssl_certificate
+## ssl_certificate_key
+## ssl_trusted_certificate
+## ssl_stapling_file
 
 # Disable server tokens
 server_tokens off;
 
+# Disable compression
+## Mitigates oracle attacks
+gzip off;
+
 server {
     listen ipv4_1:80 default_server;
     listen [ipv6_1]:80 default_server;