Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user abc;
- worker_processes 4;
- pid /run/nginx.pid;
- events {
- worker_connections 768;
- # multi_accept on;
- }
- http {
- # Geoblock non-US IPs
- geoip_country /usr/share/GeoIP/GeoIP.dat;
- map $geoip_country_code $allowed_country {
- default no;
- # Allow US IPs only
- US yes;
- }
- # Whitelist IPs
- geo $exclusion {
- default 0;
- # Qualys SSL Labs
- 64.41.200.0/24 1;
- # Securityheaders
- 192.241.216.219 1;
- }
- ##
- # Basic Settings
- ##
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- server_tokens off;
- client_max_body_size 0;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # Logging Settings
- ##
- access_log /config/log/nginx/access.log;
- error_log /config/log/nginx/error.log;
- ##
- # Gzip Settings
- ##
- gzip on;
- gzip_disable "msie6";
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_min_length 1100;
- # gzip_http_version 1.1;
- gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- include /config/nginx/site-confs/*;
- ssl_protocols TLSv1.2;
- ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Frame-Options SAMEORIGIN;
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- ssl_stapling on; # Requires nginx >= 1.3.7
- ssl_stapling_verify on; # Requires nginx => 1.3.7
- }
- daemon off;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement