Untitled

user  nginx;

# you must set worker processes based on your CPU cores, nginx does not benefit from setting more than that
worker_processes auto;

# number of file descriptors used for nginx
# the limit for the maximum FDs on the server is usually set by the OS.
# if you don't set FD's then OS settings will be used which is by default 2000
worker_rlimit_nofile 100000;

# only log critical errors
error_log  /var/log/nginx/error.log crit;

pid        /var/run/nginx.pid;

events {
  # determines how much clients will be served per worker
  # max clients = worker_connections * worker_processes
  # max clients is also limited by the number of socket connections available on the system (~64k)
  worker_connections 4000;
}

#load_module modules/ngx_http_security_headers_module.so;

http {

  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  # to boost I/O on HDD we can disable access logs
  access_log         off;
  sendfile           on;

  # send headers in one piece, it is better than sending them one by one
  tcp_nopush on;

  # don't buffer data sent, good for small data bursts in real time
  tcp_nodelay on;

  # allow the server to close connection on non responding client, this will free up memory
  reset_timedout_connection on;

  # request timed out -- default 60
  client_body_timeout 10;

  # if client stop responding, free up memory -- default 60
  send_timeout 2;

  # server will close connection after this time -- default 75
  keepalive_timeout 30;

  # cache informations about FDs, frequently accessed files
  # can boost performance, but you need to test those values
  open_file_cache max=200000 inactive=20s;
  open_file_cache_valid 30s;
  open_file_cache_min_uses 2;
  open_file_cache_errors on;

  server_tokens off;
  #hide_server_tokens on;

  # Disable x-powered-by header
  proxy_hide_header X-Powered-By;

  # Add x-content-type-options header
  add_header X-Content-Type-Options "nosniff";

  # Add referrer-policy header
  add_header Referrer-Policy "origin";

  # Add feature-policy header
  add_header Feature-Policy "geolocation none; unsized-media none;";

  # limit the number of connections per single IP
  limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;

  # limit the number of requests for a given session
  limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;

  # if the request body size is more than the buffer size, then the entire (or partial)
  # request body is written into a temporary file
  client_body_buffer_size  128k;

  # maximum number and size of buffers for large headers to read from client request
  large_client_header_buffers 10 512k;

  server {
    listen       80;
    server_name  localhost;

    # client_max_body_size = SIZE LIMIT FOR REQUESTS, INITIAL VALUE WAS 20MB.
    client_max_body_size 500M;

    gzip on;
    # proxy_max_temp_file_size 0;

    location / {
      root   /usr/share/nginx/html;
      index  index.html;
      try_files $uri $uri/ /index.html;
      proxy_hide_header 'Cache-Control';
      add_header 'Cache-Control' "public, max-age=10";
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
      # add_header 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
      root   /usr/share/nginx/html;
    }

    add_header X-Frame-Options "deny" always;
    # proxy_hide_header 'Cache-Control';
    # deny framing and clickjacking

    # limit whole server
    # limit_conn conn_limit_per_ip 10;
    # limit_req zone=req_limit_per_ip burst=10 nodelay;
  }
}