Best Nginx config for Cloudflare optimization

Anyone knows or have a tips to config Nginx for maximize performance when using Cloudflare.

Like should my origin server away use TLS1.3/HTTP2?, or should set longer time on ssl_session_cache/ssl_session_timeout/keepalive_timeout?

Thanks you.

Start with ECDSA SSL certificates on origin instead of RSA SSL certs https://community.centminmod.com/threads/improving-Cloudflare-connections-to-origin-server-use-ecdsa-ssl-certs.14817/. When combined with Nginx + OpenSSL 1.1.1 or Nginx + BoringSSL fork you will see much better ECDSA cipher performance compared to OpenSSL 1.0.2/1.1.0. My Centmin Mod Nginx builds support both OpenSSL 1.1.1 and BoringSSL built binaries https://community.centminmod.com/threads/centmin-mod-nginx-http-2-https-tls-1-3-support.15537/ :slight_smile:

FYI, Cloudflare has yet to enable TLS 1.3 CF to origin communication as yet see Cloudflare speak TLS 1.3 0-RTT with Origin Backend?

1 Like

They don’t HTTP/2 to the origin, either.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.