diff --git a/modules/nixos/services/web/nginx/default.nix b/modules/nixos/services/web/nginx/default.nix
index 25295d9..61d09b1 100644
--- a/modules/nixos/services/web/nginx/default.nix
+++ b/modules/nixos/services/web/nginx/default.nix
@@ -13,10 +13,19 @@ in {
   };
 
   config = mkIf cfg.enable {
+    security.dhparams = {
+      enable = true;
+      params.nginx = {};
+    };
+
     services.nginx = {
       enable = true;
       package = pkgs.nginxStable.override {openssl = pkgs.libressl;};
       recommendedProxySettings = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedTlsSettings = true;
+      sslDhparam = config.security.dhparams.params.nginx.path;
       virtualHosts = {
         "node.nyc.zackmyers.io" = {
           forceSSL = true;