API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 10th, 2017
491
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.87 KB | None | 0 0
raw download clone embed print report
  1.  
  2. user nginx;
  3. worker_processes 1;
  4. worker_rlimit_nofile 260000;
  5.  
  6. error_log /var/log/nginx/error.log warn;
  7. pid /var/run/nginx.pid;
  8.  
  9. events {
  10. worker_connections 2048;
  11. accept_mutex off;
  12. accept_mutex_delay 200ms;
  13. use epoll;
  14. #multi_accept on;
  15. }
  16.  
  17. http {
  18.  
  19. set_real_ip_from 103.21.244.0/22;
  20. set_real_ip_from 103.22.200.0/22;
  21. set_real_ip_from 103.31.4.0/22;
  22. set_real_ip_from 104.16.0.0/12;
  23. set_real_ip_from 108.162.192.0/18;
  24. set_real_ip_from 131.0.72.0/22;
  25. set_real_ip_from 141.101.64.0/18;
  26. set_real_ip_from 162.158.0.0/15;
  27. set_real_ip_from 172.64.0.0/13;
  28. set_real_ip_from 173.245.48.0/20;
  29. set_real_ip_from 188.114.96.0/20;
  30. set_real_ip_from 190.93.240.0/20;
  31. set_real_ip_from 197.234.240.0/22;
  32. set_real_ip_from 198.41.128.0/17;
  33. set_real_ip_from 199.27.128.0/21;
  34. set_real_ip_from 2400:cb00::/32;
  35. set_real_ip_from 2606:4700::/32;
  36. set_real_ip_from 2803:f800::/32;
  37. set_real_ip_from 2405:b500::/32;
  38. set_real_ip_from 2405:8100::/32;
  39. set_real_ip_from 2c0f:f248::/32;
  40. set_real_ip_from 2a06:98c0::/29;
  41.  
  42. # use any of the following two
  43. real_ip_header CF-Connecting-IP;
  44. #real_ip_header X-Forwarded-For;
  45.  
  46.  
  47.  
  48. include /etc/nginx/mime.types;
  49. default_type application/octet-stream;
  50.  
  51. log_format main '$remote_addr - $remote_user [$time_local] $status '
  52. '"$request" $body_bytes_sent "$http_referer" '
  53. '"$http_user_agent" "$http_x_forwarded_for"';
  54.  
  55. #Disable IFRAME
  56. add_header X-Frame-Options SAMEORIGIN;
  57.  
  58. #Prevent Cross-site scripting (XSS) attacks
  59. add_header X-XSS-Protection "1; mode=block";
  60. #Prevent MIME-sniffing
  61. add_header X-Content-Type-Options nosniff;
  62.  
  63. access_log off;
  64. sendfile on;
  65. tcp_nopush on;
  66. tcp_nodelay off;
  67. types_hash_max_size 2048;
  68. server_tokens off;
  69. server_names_hash_bucket_size 128;
  70. client_max_body_size 0;
  71. client_body_buffer_size 256k;
  72. client_body_in_file_only off;
  73. client_body_timeout 60s;
  74. client_header_buffer_size 256k;
  75. client_header_timeout 20s;
  76. large_client_header_buffers 8 256k;
  77. keepalive_timeout 10;
  78. keepalive_disable msie6;
  79. reset_timedout_connection on;
  80. send_timeout 60s;
  81.  
  82. gzip on;
  83. gzip_static on;
  84. gzip_disable "msie6";
  85. gzip_vary on;
  86. gzip_proxied any;
  87. gzip_comp_level 6;
  88. gzip_buffers 16 8k;
  89. gzip_http_version 1.1;
  90. gzip_types text/plain text/css application/json text/javascript application/javascript text/xml application/xml application/xml+rss;
  91.  
  92.  
  93. fastcgi_buffers 8 16k;
  94. fastcgi_buffer_size 32k;
  95. fastcgi_connect_timeout 300;
  96. fastcgi_send_timeout 300;
  97. fastcgi_read_timeout 300;
  98. include /etc/nginx/conf.d/*.conf;
  99. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!