aboutsummaryrefslogtreecommitdiff
path: root/debian/personal-vps/nginx/nginx.conf
diff options
context:
space:
mode:
Diffstat (limited to 'debian/personal-vps/nginx/nginx.conf')
-rw-r--r--debian/personal-vps/nginx/nginx.conf68
1 files changed, 68 insertions, 0 deletions
diff --git a/debian/personal-vps/nginx/nginx.conf b/debian/personal-vps/nginx/nginx.conf
new file mode 100644
index 0000000..904923d
--- /dev/null
+++ b/debian/personal-vps/nginx/nginx.conf
@@ -0,0 +1,68 @@
+pid /run/nginx.pid;
+user www-data;
+worker_processes 1;
+
+events {
+ multi_accept on;
+ use epoll;
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ server_names_hash_bucket_size 128;
+
+ # Logging
+ access_log off;
+ error_log /var/log/nginx/error.log warn;
+
+ # Timings
+ keepalive_requests 100;
+ keepalive_timeout 30;
+
+ # Connection timings
+ client_body_timeout 10;
+ client_max_body_size 3m;
+ reset_timedout_connection on;
+ send_timeout 2;
+ sendfile on;
+
+ # Tuning packages
+ tcp_nodelay on;
+ tcp_nopush on;
+
+ # Data compression
+ gzip on;
+ gzip_comp_level 9;
+ gzip_disable "msie6";
+ gzip_proxied any;
+ gzip_types application/atom+xml application/javascript application/json application/rss+xml application/x-font-ttf application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml application/xml+rss font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component text/x-json text/xml;
+ gzip_vary on;
+
+ # SSL certificates
+ ssl_certificate ssl/domain.pem;
+ ssl_certificate_key ssl/domain.key;
+ ssl_client_certificate ssl/cloudflare-origin.pem;
+
+ # SSL configuration
+ ssl_verify_client on;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+ ssl_session_timeout 1d;
+
+ # Modern configuration
+ ssl_prefer_server_ciphers off;
+ ssl_protocols TLSv1.3;
+
+ # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ # Caching
+ open_file_cache max=200000 inactive=20s;
+ open_file_cache_errors on;
+ open_file_cache_min_uses 2;
+ open_file_cache_valid 30s;
+
+ include /etc/nginx/conf.d/*.conf;
+} \ No newline at end of file