Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user www-data;
- worker_processes auto;
- pid /run/nginx.pid;
- include /etc/nginx/modules-enabled/*.conf;
- events {
- worker_connections 768;
- # multi_accept on;
- }
- http {
- ##
- # Basic Settings
- ##
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- # server_tokens off;
- # Directives for setting real_ip/XFF IP address in log files
- set_real_ip_from xxx.xxx.xxx.xxx; #IP address of master LB
- set_real_ip_from xxx.xxx.xxx.xxx; #IP Address of slave LB
- set_real_ip_from 127.0.0.1; #IP Address of localhost IPV4
- set_real_ip_from ::1; #IP Address of localhost IPV6
- real_ip_header X-Forwarded-For;
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # SSL Settings
- ##
- #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
- #ssl_prefer_server_ciphers on;
- # ssl config
- # c.f. https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
- # c.f. https://mozilla.github.io/server-side-tls/ssl-config-generator/
- ssl_session_cache shared:SSL:50m;
- ssl_session_timeout 60m;
- # modern
- ssl_protocols TLSv1.2;
- ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
- ssl_prefer_server_ciphers on;
- ssl_session_tickets off;
- # security
- # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
- add_header Strict-Transport-Security max-age=15768000;
- # generic proxy settings
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- # pages may need longer to produce output - this should somewhat correspond to the proxied server timeout
- proxy_read_timeout 400s;
- ##
- # Logging Settings
- ##
- log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent"';
- access_log /var/log/nginx/access.log main;
- error_log /var/log/nginx/error.log;
- ##
- # Gzip Settings
- ##
- gzip on;
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- #include /etc/nginx/passthrough.conf;
- include /etc/nginx/sites-enabled/*;
- }
- include /etc/nginx/passthrough.conf;
- #mail {
- # # See sample authentication script at:
- # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
- #
- # # auth_http localhost/auth.php;
- # # pop3_capabilities "TOP" "USER";
- # # imap_capabilities "IMAP4rev1" "UIDPLUS";
- #
- # server {
- # listen localhost:110;
- # protocol pop3;
- # proxy on;
- # }
- #
- # server {
- # listen localhost:143;
- # protocol imap;
- # proxy on;
- # }
- #}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
