# Main (global) context: process-level settings.
# File where the master process writes its PID.
pid /run/nginx.pid;
# Worker processes run with the credentials of this user.
# NOTE(review): presumably an unprivileged account; confirm that www-data
# has no write access to the configuration or the TLS key material.
user www-data;
# A single worker process handles all connections.
worker_processes 1;
# Connection-processing settings for each worker.
events {
# Accept all pending new connections at once instead of one at a time.
multi_accept on;
# Use the Linux epoll connection-processing method.
use epoll;
# Upper bound on simultaneous connections per worker; with a single worker
# this is also the ceiling for the whole instance.
worker_connections 1024;
}
# HTTP defaults inherited by every server block pulled in by the include at
# the end of this block. No server/listen directives are defined here, so the
# TLS and client-certificate settings below only take effect on listeners that
# the included files declare with "ssl".
# NOTE(review): server_tokens is not set in this file; unless an included file
# sets it, nginx keeps its default of showing the version in the Server header
# and on error pages. Consider "server_tokens off;".
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
# Logging
# NOTE(review): access logging is disabled for everything that inherits this
# block, so no per-request records exist on this host for detection or
# incident response unless an included server block re-enables access_log or
# request logs are collected upstream; confirm where they are kept.
access_log off;
error_log /var/log/nginx/error.log warn;
# Keep-alive limits
keepalive_requests 100;
keepalive_timeout 30;
# Request/response timeouts and size limits
# Only the body-read and response-send timeouts are set here.
# NOTE(review): client_header_timeout is not set in this file, so slow header
# delivery is bounded only by the nginx default (60s) unless an included file
# lowers it.
client_body_timeout 10;
# Request bodies larger than 3 MB are rejected with 413.
client_max_body_size 3m;
# Timed-out connections are reset (RST) rather than closed gracefully, which
# frees their socket memory immediately.
reset_timedout_connection on;
# Applies between two successive writes to the client, not to the whole
# response; 2s is aggressive and will drop very slow readers.
send_timeout 2;
sendfile on;
# TCP packet tuning
tcp_nodelay on;
tcp_nopush on;
# Data compression
# NOTE(review): compressing TLS responses that contain both a secret (session
# or CSRF token) and request-influenced content exposes them to compression
# side channels (BREACH). The type list below includes application/json and
# text/plain, and text/html is always compressed; consider excluding or not
# compressing responses that carry secrets.
gzip on;
# Level 9 is the maximum: highest CPU cost per response.
gzip_comp_level 9;
gzip_disable "msie6";
# Also compress responses to requests that arrived through a proxy.
gzip_proxied any;
gzip_types application/atom+xml application/javascript application/json application/rss+xml application/x-font-ttf application/x-javascript application/x-web-app-manifest+json application/xhtml+xml application/xml application/xml+rss font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component text/x-json text/xml;
gzip_vary on;
# SSL certificates
# Server certificate and private key, given as relative paths.
# NOTE(review): the key file should be readable by root only; confirm the
# permissions on ssl/domain.key.
ssl_certificate ssl/domain.pem;
ssl_certificate_key ssl/domain.key;
# CA certificate(s) that client certificates are verified against.
# NOTE(review): the file name suggests Cloudflare's origin-pull CA - confirm.
# If it is the shared CA, a valid client certificate proves only that the
# request came through Cloudflare, not through this site's own zone; use a
# zone- or hostname-specific client certificate, or validate the expected
# Host in each server block, to close that gap.
ssl_client_certificate ssl/cloudflare-origin.pem;
# SSL configuration
# Mutual TLS: a handshake without a valid client certificate is rejected on
# every TLS listener that inherits this setting.
ssl_verify_client on;
# Session cache shared between workers, 10 MB, named MozSSL.
ssl_session_cache shared:MozSSL:10m;
# Session tickets are disabled, so resumption relies on the shared cache above.
ssl_session_tickets off;
ssl_session_timeout 1d;
# Modern configuration
# TLS 1.3 only: clients that cannot negotiate it fail the handshake.
ssl_prefer_server_ciphers off;
ssl_protocols TLSv1.3;
# HSTS (ngx_http_headers_module is required): 63072000 seconds = 730 days.
# "always" adds the header to error responses as well.
# NOTE(review): add_header is inherited from this level only when the server
# or location block defines no add_header of its own; any included block that
# adds a header silently drops HSTS unless it repeats this line.
add_header Strict-Transport-Security "max-age=63072000" always;
# Caching of open file descriptors and file metadata
open_file_cache max=200000 inactive=20s;
open_file_cache_errors on;
open_file_cache_min_uses 2;
open_file_cache_valid 30s;
# Server blocks live in these files; they can override any default above and
# should be reviewed together with this file.
include /etc/nginx/conf.d/*.conf;
}