e0f7aeaf03
Nginx Conf updated. More protection to prevent DOS attacks. Skip cache for more cart and sitemap plugins.
113 lines
2.6 KiB
Nginx Configuration File
113 lines
2.6 KiB
Nginx Configuration File
user www-data;
|
|
worker_processes auto;
|
|
worker_rlimit_nofile 100000;
|
|
pid /run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 8192;
|
|
multi_accept on;
|
|
}
|
|
|
|
http {
|
|
|
|
##
|
|
# Basic Settings
|
|
##
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
server_tokens off;
|
|
reset_timedout_connection on;
|
|
|
|
send_timeout 15;
|
|
keepalive_timeout 15;
|
|
|
|
client_body_buffer_size 128k;
|
|
client_max_body_size 100m;
|
|
client_body_timeout 15;
|
|
client_header_timeout 15;
|
|
|
|
open_file_cache_valid 3m;
|
|
open_file_cache max=30000 inactive=1m;
|
|
|
|
types_hash_max_size 2048;
|
|
# server_names_hash_bucket_size 64;
|
|
# server_name_in_redirect off;
|
|
|
|
limit_req_status 403;
|
|
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
|
|
|
include /etc/nginx/mime.types;
|
|
include common/headers-http.conf;
|
|
default_type application/octet-stream;
|
|
|
|
##
|
|
# SSL Settings
|
|
##
|
|
|
|
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
|
|
ssl_session_timeout 10m;
|
|
ssl_session_cache shared:SSL:20m;
|
|
ssl_dhparam /etc/ssl/dhparam.pem;
|
|
ssl_ecdh_curve prime256v1:secp384r1:secp521r1;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT';
|
|
|
|
##
|
|
# Logging Settings
|
|
##
|
|
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
open_log_file_cache max=1000 inactive=30s valid=1m;
|
|
|
|
log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
|
|
'$http_host "$request" $status $body_bytes_sent '
|
|
'"$http_referer" "$http_user_agent"';
|
|
|
|
##
|
|
# Gzip Settings
|
|
##
|
|
|
|
gzip on;
|
|
gzip_disable "msie6";
|
|
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_buffers 16 8k;
|
|
gzip_http_version 1.1;
|
|
gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component text/xml text/javascript;
|
|
|
|
##
|
|
# Virtual Host Configs
|
|
##
|
|
|
|
include /etc/nginx/conf.d/*.conf;
|
|
include /etc/nginx/sites-enabled/*;
|
|
}
|
|
|
|
|
|
#mail {
|
|
# # See sample authentication script at:
|
|
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
|
#
|
|
# # auth_http localhost/auth.php;
|
|
# # pop3_capabilities "TOP" "USER";
|
|
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
|
#
|
|
# server {
|
|
# listen localhost:110;
|
|
# protocol pop3;
|
|
# proxy on;
|
|
# }
|
|
#
|
|
# server {
|
|
# listen localhost:143;
|
|
# protocol imap;
|
|
# proxy on;
|
|
# }
|
|
#}
|