user www-data;worker_processes auto;error_log /var/log/nginx/nginx_eroors.lo

1. user www-data;
2. worker_processes auto;
3. error_log /var/log/nginx/nginx_eroors.log;
4. pid /var/run/nginx.pid;
5. worker_rlimit_nofile 8192;
6.  
7. events {
8. worker_connections 8192;
9. multi_accept on;
10. }
11.  
12. http {
13. ##LOG CUSTOM
14. #log_format compression '$remote_addr - $remote_user [$time_local] ' '"$request" $status ' '"$http_referer" "$http_user_agent" ';
15. log_format main '$remote_addr - $remote_user [$time_local] $request '
16. '"$status" $body_bytes_sent "$http_referer" '
17. '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
18. ' "$connection" "$connection_requests" "$request_time"';
19.  
20. client_max_body_size 256m;
21.  
22. more_set_headers "Server: nginx linuxiarz.pl";
23. sendfile on;
24. tcp_nopush on;
25. tcp_nodelay on;
26. types_hash_max_size 100240;
27. #upload_progress uploads 1m;
28.  
29. vhost_traffic_status_zone;
30.  
31. access_log /var/log/nginx/global_access.log;
32. error_log /var/log/nginx/global_errors.log;
33.  
34. # server_names_hash_bucket_size 64;
35. # server_name_in_redirect off;
36.  
37. include /etc/nginx/mime.types;
38. default_type application/octet-stream;
39.  
40.  
41. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
42. #ssl_prefer_server_ciphers on;
43. upload_progress uploads 1m;
44.  
45.  
46. keepalive_timeout 8;
47. keepalive_requests 1000;
48. lingering_time 20s;
49. lingering_timeout 5s;
50. keepalive_disable msie6;
51.  
52. gzip on;
53. gzip_vary on;
54. gzip_disable "MSIE [1-6]\.";
55. gzip_static on;
56. gzip_min_length 1400;
57. gzip_buffers 32 8k;
58. gzip_http_version 1.0;
59. gzip_comp_level 5;
60. gzip_proxied any;
61. gzip_types text/plain text/css text/xml application/javascript application/x-javascript application/xml application/xml+rss application/ecmascript application/json image/svg+xml;
62.  
63. client_body_buffer_size 256k;
64. client_body_in_file_only off;
65. client_body_timeout 10s;
66. client_header_buffer_size 64k;
67. client_header_timeout 8s;
68. connection_pool_size 512;
69. directio 4m;
70. ignore_invalid_headers on;
71. large_client_header_buffers 8 64k;
72. output_buffers 8 256k;
73. postpone_output 1460;
74. proxy_temp_path /tmp/nginx_proxy/;
75. request_pool_size 32k;
76. reset_timedout_connection on;
77. send_timeout 15s;
78.  
79. server_names_hash_bucket_size 64;
80.  
81. ## Hide the Nginx version number.
82. server_tokens off;
83.  
84. ## Curve to use for ECDH.
85. ssl_ecdh_curve secp521r1;
86.  
87. ## Enable OCSP stapling. A better way to revocate server certificates.
88. ssl_stapling on;
89.  
90. ## Fill in with your own resolver.
91. resolver 8.8.8.8;
92.  
93. include /etc/nginx/conf.d/*.conf;
94. include /etc/nginx/sites-enabled/*;
95. include /etc/nginx/pagespeed.conf;
96. #include /etc/nginx/geoip.conf;
97.  
98. ## LogJam
99. ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
100. ssl_prefer_server_ciphers on;
101. ssl_dhparam /etc/nginx/dhparams.pem;
102.  
103. }