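# Generated by nginxconfig.io
# https://www.serverion.com/nginx-config/#?0.domain=_&0.path=%2Fvar%2Fwww%2Fhtml&0.redirect=false&0.force_https=false&0.cert_type=custom&0.ssl_certificate=%2Fetc%2Fssl%2Fweb%2Fserver.crt&0.ssl_certificate_key=%2Fetc%2Fssl%2Fweb%2Fserver.key&0.wordpress&0.proxy_path=%2Fping&0.proxy_pass=unix:%2Fvar%2Frun%2Fphp%2Fphp-fpm.sock&0.index=index.html&content_security_policy=default-src%20'self'%20http:%20https:%20data:%20blob:%20'unsafe-inline';%20frame-ancestors%20'self';&php_server=%2Fvar%2Frun%2Fphp%2Fphp7.3-fpm.sock&expires_media=max&expires_svg=max&expires_fonts=max&user=www-data%20www-data&client_max_body_size=2048&symlink=false

# main context: process-wide settings, read before the events/http blocks

# use PCRE just-in-time compilation for regular expressions known at
# configuration parse time
pcre_jit on;

# let nginx choose the number of worker processes itself
worker_processes auto;

# open-file limit (RLIMIT_NOFILE) for each worker process; keep it above
# worker_connections, because every client connection, upstream connection
# and cached file descriptor counts against it
worker_rlimit_nofile 100000;

# user and group the worker processes run as
user www-data www-data;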
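events {
    # maximum simultaneous connections per worker process; the count covers
    # connections to proxied/FastCGI upstreams as well as clients
    worker_connections 65535;

    # Linux epoll connection processing method
    use epoll;

    # a worker accepts all pending new connections at once instead of one
    # per event-loop pass
    multi_accept on;
}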
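http {
    # defaults inherited by every server {} pulled in by the include lines at
    # the bottom of this block, unless a server or location overrides them

    # define common MIME types (path is relative to the nginx config prefix)
    include mime.types;

    # define the default MIME type
    default_type application/octet-stream;

    # do not emit the nginx version in the Server header or on error pages
    server_tokens off;

    # disable the directory listing output
    autoindex off;

    # disable automatic generation of the "ETag" header for static files
    etag off;

    # do not log warnings about uninitialized variables
    uninitialized_variable_warn off;

    # ======================================================================== #

    # bucket size and maximum size of the map hash tables
    map_hash_bucket_size 256;
    map_hash_max_size 4096;

    # bucket size and maximum size of the server names hash tables
    server_names_hash_bucket_size 256;
    server_names_hash_max_size 4096;

    # maximum size and bucket size of the variables hash table
    variables_hash_max_size 4096;
    variables_hash_bucket_size 4096;

    # ======================================================================== #

    # cache information about FDs of frequently accessed files;
    # can boost performance, but you need to test those values
    # NOTE(review): max=200000 is larger than worker_rlimit_nofile (100000);
    # confirm the workers keep enough descriptor headroom under load
    open_file_cache max=200000 inactive=30s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;
    # file lookup errors are not cached
    open_file_cache_errors off;
    # descriptor cache for log files whose names contain variables
    open_log_file_cache max=10 inactive=30s min_uses=1 valid=5m;

    # ======================================================================== #

    # logging
    # the access log stays enabled here; the error log records severity
    # "error" and above only
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log error;

    # log-noise reduction (none of these disables the access log):
    # - log_not_found off: missing-file errors are no longer written to
    #   error_log, so requests for nonexistent paths are visible only as
    #   404 entries in the access log
    # - log_subrequest off: subrequests are not written to access_log
    # - rewrite_log on: rewrite results are logged at "notice" level, which
    #   the "error" threshold above filters out; lower the error_log level
    #   while debugging rewrites
    log_not_found off;
    log_subrequest off;
    rewrite_log on;

    # sendfile() copies data between one FD and another from within the
    # kernel, faster than read() + write()
    # NOTE(review): it is switched off here, so sendfile_max_chunk has nothing
    # to limit; confirm "off" is intentional
    sendfile off;
    sendfile_max_chunk 1m;

    # send headers in one piece, it is better than sending them one by one
    # NOTE(review): nginx applies tcp_nopush only when sendfile is used, so
    # this has no effect while sendfile is off
    tcp_nopush on;

    # don't buffer data sent, good for small data bursts in real time
    tcp_nodelay on;

    # large files can be read and sent using multi-threading
    # without blocking a worker process (needs an nginx build with thread
    # pool support); files of 1m and larger are read with direct I/O
    aio threads;
    directio 1m;

    # process Server Side Includes commands in responses
    # NOTE(review): at http level this applies to every server and location
    # that does not override it. SSI commands inside any served content of a
    # matching type are executed by nginx, so content that untrusted users can
    # write must not be served with SSI enabled; prefer "ssi on" only in the
    # locations that need it
    ssi on;

    # how to compare modification time: "off" ignores the If-Modified-Since
    # request header; together with "etag off" clients cannot revalidate
    # cached copies and always receive the full response
    if_modified_since off;

    # set default size of the slice (ngx_http_slice_module, which is not
    # built by default)
    slice 1m;

    # ======================================================================== #

    # allow the server to reset the connection of a non-responding client,
    # this will free up memory
    reset_timedout_connection on;

    # timeout for reading client request header -- default: 60
    client_header_timeout 10s;

    # timeout between two successive reads of the request body -- default: 60
    # NOTE(review): 75s is looser than the default, while the header timeout
    # above is tightened; slow request bodies hold a connection longer than on
    # a stock install, so confirm this is needed (e.g. for large uploads)
    client_body_timeout 75s;

    # if the request body size is more than the buffer size, then the entire (or partial)
    # request body is written into a temporary file
    client_body_buffer_size 128k;

    # timeout between two successive writes to the client; if the client stops
    # reading, the connection is closed and memory freed -- default: 60
    send_timeout 30s;

    # server will close an idle keep-alive connection after this time -- default: 75
    keepalive_timeout 30s;

    # number of requests a client can make over one keep-alive connection
    # NOTE(review): far above the nginx default; connections are closed
    # periodically to release per-connection memory, so a very high limit
    # lets a single long-lived connection keep that memory allocated
    keepalive_requests 100000;

    # maximum number and size of buffers
    # for large headers to read from client request -- default: 4 8k;
    large_client_header_buffers 4 16k;

    # ======================================================================== #

    # SSL
    # sessions are resumed from the shared server-side cache; session tickets
    # are disabled
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites (the DHE-RSA-* entries in
    # ssl_ciphers below depend on this file)
    ssl_dhparam /etc/ssl/dhparam.pem;

    # Mozilla Intermediate configuration
    # ssl_ciphers governs TLSv1.2 suites only; every entry is an AEAD suite
    # with forward secrecy
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # OCSP Stapling (currently disabled)
    # ssl_stapling on;
    # ssl_stapling_verify on;

    # resolvers for names nginx looks up at run time
    # NOTE(review): these are public resolvers from three different operators.
    # The nginx documentation recommends DNS servers in a secured, trusted
    # local network to prevent DNS spoofing; with stapling disabled above,
    # confirm which feature still needs run-time resolution
    resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
    resolver_timeout 2s;

    # ======================================================================== #

    # site and snippet configuration
    # - conf.d: only files ending in .conf are loaded
    # - legacy_mappings.conf: no wildcard, so nginx refuses to start if the
    #   file is missing
    # - sites-enabled: "*" loads every file in the directory, editor backups
    #   included; keep these directories writable by root only, since anything
    #   placed there becomes live configuration on the next reload
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/snippets/legacy_mappings.conf;
    include /etc/nginx/sites-enabled/*;
}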