118 lines
2.8 KiB
Nginx Configuration File
118 lines
2.8 KiB
Nginx Configuration File
user www-data;
|
|
worker_processes auto;
|
|
worker_rlimit_nofile 100000;
|
|
pid /run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 8192;
|
|
multi_accept on;
|
|
}
|
|
|
|
http {
|
|
|
|
##
|
|
# Basic Settings
|
|
##
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
server_tokens off;
|
|
reset_timedout_connection on;
|
|
|
|
send_timeout 15;
|
|
keepalive_timeout 15;
|
|
|
|
client_body_buffer_size 128k;
|
|
client_max_body_size 100m;
|
|
client_body_timeout 15;
|
|
client_header_timeout 15;
|
|
|
|
open_file_cache_valid 3m;
|
|
open_file_cache max=30000 inactive=1m;
|
|
|
|
types_hash_max_size 2048;
|
|
server_names_hash_max_size 2048;
|
|
# server_names_hash_bucket_size 64;
|
|
# server_name_in_redirect off;
|
|
|
|
limit_req_status 403;
|
|
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
|
limit_req_zone $binary_remote_addr zone=wp:10m rate=3r/s;
|
|
|
|
include /etc/nginx/mime.types;
|
|
include common/headers-http.conf;
|
|
default_type application/octet-stream;
|
|
|
|
##
|
|
# SSL Settings
|
|
##
|
|
|
|
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
|
|
ssl_buffer_size 4k;
|
|
ssl_session_tickets off;
|
|
ssl_session_timeout 10m;
|
|
ssl_session_cache shared:SSL:50m;
|
|
ssl_dhparam /etc/ssl/dhparam.pem;
|
|
ssl_ecdh_curve prime256v1:secp384r1:secp521r1;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT';
|
|
|
|
|
|
##
|
|
# Logging Settings
|
|
##
|
|
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
open_log_file_cache max=1000 inactive=30s valid=1m;
|
|
|
|
log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
|
'$http_host "$request" $status $body_bytes_sent '
|
|
'"$http_referer" "$http_user_agent"';
|
|
|
|
##
|
|
# Gzip Settings
|
|
##
|
|
|
|
gzip on;
|
|
gzip_disable "msie6";
|
|
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_buffers 16 8k;
|
|
gzip_http_version 1.1;
|
|
gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component text/xml text/javascript;
|
|
|
|
##
|
|
# Virtual Host Configs
|
|
##
|
|
|
|
include /etc/nginx/conf.d/*.conf;
|
|
include /etc/nginx/sites-enabled/*;
|
|
}
|
|
|
|
|
|
#mail {
|
|
# # See sample authentication script at:
|
|
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
|
#
|
|
# # auth_http localhost/auth.php;
|
|
# # pop3_capabilities "TOP" "USER";
|
|
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
|
#
|
|
# server {
|
|
# listen localhost:110;
|
|
# protocol pop3;
|
|
# proxy on;
|
|
# }
|
|
#
|
|
# server {
|
|
# listen localhost:143;
|
|
# protocol imap;
|
|
# proxy on;
|
|
# }
|
|
#}
|