Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
- user nginx;
- worker_processes 2;
- error_log /var/log/nginx/error.log warn;
- pid /var/run/nginx.pid;
- worker_rlimit_nofile 8192;
- events {
- worker_connections 4096;
- ## Accept as many connections as possible.
- multi_accept on;
- }
- http {
- ##SB
- server_names_hash_bucket_size 64;
- ## MIME types.
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ## FastCGI.
- include /etc/nginx/fastcgi.conf;
- ## Default log and error files.
- #access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- ## Use sendfile() syscall to speed up I/O operations and speed up
- ## static file serving.
- sendfile on;
- ## Handling of IPs in proxied and load balancing situations.
- set_real_ip_from 0.0.0.0/32; # all addresses get a real IP.
- real_ip_header X-Forwarded-For; # the ip is forwarded from the load balancer/proxy
- ## Define a zone for limiting the number of simultaneous
- ## connections nginx accepts. 1m means 32000 simultaneous
- ## sessions. We need to define for each server the limit_conn
- ## value refering to this or other zones.
- ## ** This syntax requires nginx version >=
- ## ** 1.1.8. Cf. http://nginx.org/en/CHANGES. If using an older
- ## ** version then use the limit_zone directive below
- ## ** instead. Comment out this
- ## ** one if not using nginx version >= 1.1.8.
- limit_conn_zone $binary_remote_addr zone=arbeit:10m;
- ## Define a zone for limiting the number of simultaneous
- ## connections nginx accepts. 1m means 32000 simultaneous
- ## sessions. We need to define for each server the limit_conn
- ## value refering to this or other zones.
- ## ** Use this directive for nginx versions below 1.1.8. Uncomment the line below.
- #limit_zone arbeit $binary_remote_addr 10m;
- ## Timeouts.
- client_body_timeout 60;
- client_header_timeout 60;
- keepalive_timeout 10 10;
- send_timeout 60;
- ## Reset lingering timed out connections. Deflect DDoS.
- reset_timedout_connection on;
- ## Body size.
- client_max_body_size 10m;
- ## TCP options.
- tcp_nodelay on;
- ## Optimization of socket handling when using sendfile.
- tcp_nopush on;
- ## Compression.
- gzip on;
- gzip_buffers 16 8k;
- gzip_comp_level 1;
- gzip_http_version 1.1;
- gzip_min_length 10;
- gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
- gzip_vary on;
- gzip_proxied any; # Compression for all requests.
- ## No need for regexps. See
- ## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable
- gzip_disable msie6;
- ## Serve already compressed files directly, bypassing on-the-fly
- ## compression.
- ##
- # Usually you don't make much use of this. It's better to just
- # enable gzip_static on the locations you need it.
- # gzip_static on;
- ## Hide the Nginx version number.
- server_tokens off;
- ## Use a SSL/TLS cache for SSL session resume. This needs to be
- ## here (in this context, for session resumption to work. See this
- ## thread on the Nginx mailing list:
- ## http://nginx.org/pipermail/nginx/2010-November/023736.html.
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
- ## Uncomment to increase map_hash_bucket_size. If start getting
- ## [emerg]: could not build the map_hash, you should increase
- ## map_hash_bucket_size: 64 in your
- ## logs. Cf. http://wiki.nginx.org/NginxOptimizations.
- #map_hash_bucket_size 192;
- ## For the filefield_nginx_progress module to work. From the
- ## README. Reserve 1MB under the name 'uploads' to track uploads.
- #upload_progress uploads 1m;
- ## Enable clickjacking protection in modern browsers. Available in
- ## IE8 also. See
- ## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
- ## This may conflicts with pseudo streaming (at least with Nginx version 1.0.12).
- ## Uncomment the line below if you're not using media streaming.
- ## For sites *using* frames uncomment the line below.
- #add_header X-Frame-Options SAMEORIGIN;
- ## For sites *not* using frames uncomment the line below.
- #add_header X-Frame-Options DENY;
- ## Block MIME type sniffing on IE.
- add_header X-Content-Options nosniff;
- ## Include the upstream servers for PHP FastCGI handling config.
- ## This one uses the FCGI process listening on TCP sockets.
- include upstream_phpcgi_tcp.conf;
- ## Include the upstream servers for PHP FastCGI handling
- ## configuration. This setup uses UNIX sockets for talking with the
- ## upstream.
- #include upstream_phpcgi_unix.conf;
- ## Include the map to block HTTP methods.
- include map_block_http_methods.conf;
- ## If using Nginx version >= 1.1.11 then there's a $https variable
- ## that has the value 'on' if the used scheme is https and '' if not.
- ## See: http://trac.nginx.org/nginx/changeset/4380/nginx
- ## http://trac.nginx.org/nginx/changeset/4333/nginx and
- ## http://trac.nginx.org/nginx/changeset/4334/nginx. If using a
- ## previous version then uncomment out the line below.
- #include map_https_fcgi.conf;
- ## Include this line, if used in a loadbalanced environment
- ## and comment the line which includes map_https_fcgi.conf.
- ## If the loadbalancer always sends the request in http protocol,
- ## and adds the server variable $http_x_forwarded_proto
- #include map_https_forwarded_proto.conf;
- ## Include the upstream servers for Apache handling the PHP
- ## processes. In this case Nginx functions as a reverse proxy.
- #include reverse_proxy.conf;
- #include upstream_phpapache.conf;
- ## Include the php-fpm status allowed hosts configuration block.
- ## Uncomment to enable if you're running php-fpm.
- include php_fpm_status_allowed_hosts.conf;
- ## Include the Nginx stub status allowed hosts configuration block.
- include nginx_status_allowed_hosts.conf;
- ## If you want to run cron using Drupal cron.php. i.e., you're not
- ## using drush then uncomment the line below. Specify in
- ## cron_allowed_hosts.conf which hosts can invole cron.
- # include apps/drupal/cron_allowed_hosts.conf;
- ## Include blacklist for bad bot and referer blocking.
- include blacklist.conf;
- ## Include the map directive that sets the $no_slash_uri variable for drupal 6.
- ## You may comment out the line below if using drupal 7.
- include apps/drupal/map_drupal6.conf;
- ## Include the caching setup. Needed for using Drupal with an external cache.
- include map_cache.conf;
- ## Microcache zone definition for FastCGI.
- include fastcgi_microcache_zone.conf;
- ## If you're using Apache for handling PHP then comment the line
- ## above and uncomment the line below.
- #include proxy_microcache_zone.conf
- ## Include all vhosts.
- include /etc/nginx/sites-enabled/*;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement