disable keepalive by default

No need for keepalive for the HTTPS www redirects or the internal
socket.

nginx/nginx.conf

@@ -25,7 +25,7 @@ http {
     sendfile_max_chunk 256k;
     tcp_nopush on;
     keepalive_requests 256;
-    keepalive_timeout 3m;
+    keepalive_timeout 0;
     server_tokens off;
     msie_padding off;
 
@@ -91,8 +91,6 @@ http {
         listen 80 default_server backlog=4096;
         listen [::]:80 default_server backlog=4096;
 
-        keepalive_timeout 0;
-
         # https://trac.nginx.org/nginx/ticket/2012
         location / {
             return 404;
@@ -104,8 +102,6 @@ http {
         listen [::]:80;
         server_name seamlessupdate.app www.seamlessupdate.app releases.grapheneos.org apps.grapheneos.org;
 
-        keepalive_timeout 0;
-
         location /.well-known/acme-challenge/ {
             return 301 http://0.releases.grapheneos.org$request_uri;
         }
@@ -120,8 +116,6 @@ http {
         listen [::]:80;
         server_name 0.releases.grapheneos.org;
 
-        keepalive_timeout 0;
-
         location /.well-known/acme-challenge/ {
             root /srv/certbot;
         }
@@ -136,8 +130,6 @@ http {
         listen [::]:443 default_server ssl http2 backlog=4096;
         ssl_reject_handshake on;
 
-        keepalive_timeout 0;
-
         # https://trac.nginx.org/nginx/ticket/2012
         location / {
             return 404;
@@ -161,6 +153,8 @@ http {
 
         include root_releases.grapheneos.org.conf;
 
+        keepalive_timeout 3m;
+
         open_file_cache max=2048 inactive=1d;
         open_file_cache_valid 1d;
 
@@ -292,6 +286,8 @@ http {
 
         include root_apps.grapheneos.org.conf;
 
+        keepalive_timeout 3m;
+
         open_file_cache max=2048 inactive=1d;
         open_file_cache_valid 1d;