
Nginx sample config

a guest
Feb 15th, 2023
  # Main context: identity of the worker processes, how many are started,
  # and per-process limits.
  user                 www-data;
  pid                  /var/run/nginx.pid;
  worker_processes     auto;
  worker_cpu_affinity  auto;
  worker_rlimit_nofile 65535;
  pcre_jit             on;

  # Per-worker connection handling.
  events {
      multi_accept       on;
      worker_connections 8192;
  }
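  # HTTP context: shared defaults (timeouts, limits, logging, compression,
  # TLS policy), followed by a catch-all server, a localhost-only monitoring
  # server, an example HTTPS virtual host and its HTTP redirect.
  http {

      # Basic #######################

      sendfile            on;
      tcp_nopush          on;
      tcp_nodelay         on;
      reset_timedout_connection   on;
      keepalive_timeout       10;
      keepalive_requests      1000;
      types_hash_max_size     2048;
      # Do not advertise the nginx version in the Server header or error pages.
      server_tokens       off;
      # Short client timeouts limit how long a slow or stalled client can
      # hold a connection open.
      send_timeout        10;
      client_body_timeout     10;
      client_header_timeout   10;
      server_names_hash_max_size  4096;
      server_names_hash_bucket_size  64;

      # Limits ######################

      # Upper bound on request bodies; larger uploads are rejected with 413.
      client_max_body_size    32m;
      client_body_buffer_size 128k;
      client_body_temp_path   /var/cache/nginx/client_temp;

      proxy_connect_timeout   5;
      proxy_send_timeout      10;
      proxy_read_timeout      10;
      proxy_buffer_size       4k;
      proxy_buffers       8 16k;
      proxy_busy_buffers_size 64k;
      proxy_temp_file_write_size  64k;
      proxy_temp_path     /var/cache/nginx/proxy_temp;

      include       /etc/nginx/mime.types;
      default_type  application/octet-stream;

      # Logs ########################

      # NOTE: $http_x_forwarded_for and $http_user_agent are client-supplied
      # headers. They are useful for triage, but an X-Forwarded-For value is
      # only trustworthy when it was set by a proxy you control.
      # Adjacent quoted strings are concatenated as-is, so each fragment ends
      # with a space; the original had none before "rt=", which fused that
      # field onto the preceding quoted value.
      log_format  main    '$remote_addr - $host [$time_local] "$request" '
          '$status $body_bytes_sent "$http_referer" '
          '"$http_user_agent" "$http_x_forwarded_for" '
          'rt=$request_time ut=$upstream_response_time '
          'cs=$upstream_cache_status';
      log_format full '$remote_addr - $host [$time_local] "$request" '
          'request_length=$request_length '
          'status=$status bytes_sent=$bytes_sent '
          'body_bytes_sent=$body_bytes_sent '
          'referer=$http_referer '
          'user_agent="$http_user_agent" '
          'upstream_status=$upstream_status '
          'request_time=$request_time '
          'upstream_response_time=$upstream_response_time '
          'upstream_connect_time=$upstream_connect_time '
          'upstream_header_time=$upstream_header_time';

      access_log  /var/log/nginx/access.log  main;
      error_log  /var/log/nginx/error.log;

      # Gzip ########################

      # NOTE(review): compressing TLS responses that contain both a secret
      # and reflected request data is the precondition for BREACH-style
      # length side channels; exclude such endpoints from compression if the
      # application has them. Level 9 also costs noticeably more CPU than
      # mid-range levels for a small size gain.
      gzip on;
      gzip_static on;
      gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/x-icon image/svg+xml application/x-font-ttf;
      gzip_comp_level 9;
      gzip_proxied any;
      gzip_min_length 1000;
      gzip_disable "msie6";
      gzip_vary on;

      etag off;

      # If brotli module enabled

      #brotli_static on;
      #brotli on;
      #brotli_comp_level 6;
      #brotli_types text/plain text/css text/xml application/javascript image/x-icon image/svg+xml;

      # Cache #######################

      #proxy_cache_valid 1m;
      #proxy_cache_key $scheme$proxy_host$request_uri$cookie_US;
      #proxy_cache_path /web/sites/nginx_cache levels=1:2 keys_zone=main:1000m;

      # Zone limits ################

      # These directives only declare the shared-memory zones. Nothing in
      # this file applies them; a server or location must reference a zone
      # with limit_conn / limit_req for any limiting to happen (possibly done
      # in conf.d/*.conf, not visible here).
      limit_conn_zone $binary_remote_addr zone=perip:10m;
      limit_req_zone $binary_remote_addr zone=lim_5r:10m rate=5r/s; # lim for dynamic page
      limit_req_zone $binary_remote_addr zone=lim_1r:10m rate=1r/s; # lim for search page
      limit_req_zone $binary_remote_addr zone=lim_20r:10m rate=20r/s;

      # SSL #########################

      ssl_session_cache shared:SSL:10m;
      ssl_session_timeout 1d;
      # Session tickets are disabled: no ssl_session_ticket_key rotation is
      # configured, and a long-lived ticket key weakens forward secrecy for
      # TLS 1.2 sessions. Resumption still works through the shared cache.
      ssl_session_tickets off;
      # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from the
      # protocol list.
      ssl_protocols TLSv1.2 TLSv1.3;
      # Forward-secret AEAD suites only. The original list also offered CBC
      # suites, static-RSA key exchange and DES-CBC3-SHA (3DES). This
      # directive governs TLS 1.2 and below; TLS 1.3 suites are selected by
      # the TLS library.
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
      ssl_prefer_server_ciphers on;
      # Parameters for the DHE-RSA suites above; the file must exist and
      # should hold a group of at least 2048 bits.
      ssl_dhparam /etc/ssl/certs/dhparam.pem;
      ssl_stapling on;
      ssl_stapling_verify on;
      # "always" sends HSTS on error responses as well. add_header is
      # inherited from this level only by servers and locations that declare
      # no add_header of their own, so any block that adds a header must
      # repeat this line.
      add_header Strict-Transport-Security "max-age=15768000" always;
      # Used to resolve OCSP responder names for stapling. These are public
      # resolvers; a local trusted resolver avoids depending on them.
      resolver 1.1.1.1 8.8.8.8 1.0.0.1 8.8.4.4;

      include /etc/nginx/conf.d/*.conf;

      # 404 for nonexistent domains
      #
      # NOTE(review): without a listen directive this server binds to the
      # default HTTP port only, and it is the default server for that port
      # only if no server included from conf.d/*.conf above was defined first
      # or marked default_server. It does not cover port 443: an unknown name
      # over HTTPS is answered by the first TLS server for that socket.

      server {
          return 404;
      }

      # For monitoring Nginx and Php-fpm #######
      # Bound to localhost and restricted to loopback clients.

      server {
          listen localhost;
          server_name localhost;
          keepalive_timeout   0;
          allow   127.0.0.1;
          allow   ::1;
          deny    all;
          access_log  off;

          location /nginx-status {
              stub_status on;
          }

          location /phpfpm-status {
              include fastcgi_params;
              fastcgi_pass   unix:/var/run/php-fpm/php-fpm.sock;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          }
      }
      # Example virthost

      server {
          listen 443 ssl http2;
          server_name example.com;
          root /web/sites/example.com/www/;

          ssl_certificate                      /etc/letsencrypt/live/example.com/fullchain.pem;
          ssl_certificate_key                  /etc/letsencrypt/live/example.com/privkey.pem;
          # Chain used to verify the stapled OCSP response.
          ssl_trusted_certificate              /etc/letsencrypt/live/example.com/chain.pem;

          # Regex locations are tested in order, so the ACME path is matched
          # before the dotfile block below.
          location ~ /\.well-known\/acme-challenge {
              allow all;
          }
          # Hide dotfiles and dot-directories (.git, .env, .htaccess, ...).
          location ~ /\. {
              deny all;
              return 404;
          }
          location = /favicon.ico {
              log_not_found off;
              access_log off;
          }
          location = /robots.txt {
              log_not_found off;
              access_log off;
          }
          location / {
              try_files $uri $uri/ /index.php?$query_string;
          }
          location ~ \.php$ {
              # Only hand the request to PHP-FPM when the .php file exists
              # on disk, so a URI that merely ends in ".php" is never
              # passed on for execution.
              try_files  $uri =404;
              fastcgi_pass   unix:/var/run/php-fpm/php-fpm.sock;
              include fastcgi_params;
              fastcgi_param HTTPS on;
              fastcgi_param DOCUMENT_ROOT   $realpath_root;
              fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
          }
      }

      # HTTP redirect

      server {
          listen 80;
          server_name example.com;
          location ^~ /.well-known/acme-challenge/ {
              root /web/sites/_letsencrypt;
          }
          location / {
              # The redirect target uses a fixed host name rather than the
              # client-supplied Host header.
              return 301 https://example.com$request_uri;
          }
      }
  }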
Tags: nginx