
NGINX conf

a guest
Jan 16th, 2021
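  # nginx main configuration: a TLS-terminating reverse proxy for cygrind.xyz,
  # plus redirect-only servers for its subdomains and for plain HTTP.
  #
  # NOTE: the author redacted the listen/proxy_pass addresses. The text
  # "The IP was here" is a placeholder and must be replaced with the real
  # address before nginx will accept this file.

  user www-data;
  pid /run/nginx.pid;
  worker_processes auto;
  # Per-worker limit on open file descriptors.
  worker_rlimit_nofile 65535;

  events {
      multi_accept on;
      # NOTE(review): worker_connections counts upstream connections as well as
      # client connections, and log/cache files also consume descriptors, so a
      # value equal to worker_rlimit_nofile leaves no headroom. Consider a
      # lower value or a higher rlimit.
      worker_connections 65535;
  }

  http {
      charset utf-8;
      sendfile on;
      tcp_nopush on;
      tcp_nodelay on;
      # Do not advertise the nginx version in the Server header or error pages.
      server_tokens off;
      log_not_found off;
      types_hash_max_size 2048;
      # Largest request body accepted from a client; larger uploads get a 413.
      client_max_body_size 16M;

      # MIME
      include mime.types;
      default_type application/octet-stream;

      # Logging
      access_log /var/log/nginx/access.log;
      error_log /var/log/nginx/error.log warn;

      # SSL
      ssl_session_timeout 1d;
      ssl_session_cache shared:SSL:10m;
      # Session tickets are disabled, so resumption relies on the shared cache
      # above and not on a long-lived ticket key.
      ssl_session_tickets off;

      # Diffie-Hellman parameter for DHE ciphersuites
      ssl_dhparam /etc/nginx/dhparam.pem;

      # Mozilla Intermediate configuration
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

      # OCSP Stapling
      ssl_stapling on;
      ssl_stapling_verify on;
      # NOTE(review): nginx's resolver sends plain DNS queries. The nginx
      # documentation recommends resolvers on a trusted local network to limit
      # spoofing; the public resolvers below are reached over the internet.
      resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
      resolver_timeout 2s;

      # Load configs
      include /etc/nginx/conf.d/*.conf;

      # cygrind.xyz
      # NOTE(review): no server in this file is marked default_server. If
      # conf.d defines none either, the first server declared for this address
      # handles requests whose Host matches no server_name. If that is this
      # server, the client-supplied Host is forwarded upstream through $host.
      # Consider a catch-all default_server that rejects unknown hosts.
      server {
          listen The IP was here:443 ssl http2;
          listen [::]:443 ssl http2;
          server_name cygrind.xyz;
          # root /var/www/cygrind.xyz/public;

          # SSL
          ssl_certificate /etc/letsencrypt/live/cygrind.xyz/fullchain.pem;
          ssl_certificate_key /etc/letsencrypt/live/cygrind.xyz/privkey.pem;
          # Chain used to verify the stapled OCSP response (ssl_stapling_verify).
          ssl_trusted_certificate /etc/letsencrypt/live/cygrind.xyz/chain.pem;

          # security headers
          # These are inherited by a location only if that location declares no
          # add_header of its own. Any location that adds a header must repeat
          # the whole set (see the svg/fonts location below).
          add_header X-Frame-Options "SAMEORIGIN" always;
          # NOTE(review): legacy header that current browsers ignore; current
          # guidance (e.g. OWASP Secure Headers) is to send "0" or omit it.
          add_header X-XSS-Protection "1; mode=block" always;
          add_header X-Content-Type-Options "nosniff" always;
          # NOTE(review): this value still sends the full URL to other HTTPS
          # origins; "strict-origin-when-cross-origin" leaks less.
          add_header Referrer-Policy "no-referrer-when-downgrade" always;
          # NOTE(review): this policy allows every http:/https: origin and
          # inline script/style, so it gives little XSS mitigation. Tighten it
          # once the origins the application really loads from are known.
          add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

          # . files
          # Deny every path containing a dot-prefixed segment except
          # .well-known, so hidden files such as .git or .env are not served.
          location ~ /\.(?!well-known) {
              deny all;
          }

          # logging
          access_log /var/log/nginx/cygrind.xyz.access.log;
          error_log /var/log/nginx/cygrind.xyz.error.log warn;

          # index.php
          # NOTE(review): no root or PHP handler is configured in this server,
          # so this directive appears to be unused.
          index index.php;

          # reverse proxy
          # NOTE(review): the upstream address is redacted. Whatever listens on
          # port 8080 should accept connections only from this proxy; a client
          # that reaches it directly can forge the X-Forwarded-* and X-Real-IP
          # headers set below.
          location / {
              proxy_pass http://The IP was here:8080;
              proxy_http_version 1.1;
              proxy_cache_bypass $http_upgrade;

              # Proxy headers
              proxy_set_header Upgrade $http_upgrade;
              # NOTE(review): this sends "Connection: upgrade" on every request,
              # including those without an Upgrade header. The pattern in the
              # nginx WebSocket documentation derives the value from
              # $http_upgrade with a map.
              proxy_set_header Connection "upgrade";
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              # $proxy_add_x_forwarded_for appends $remote_addr to any
              # X-Forwarded-For the client sent, so the backend should trust
              # only the last entry (or X-Real-IP).
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Forwarded-Host $host;
              proxy_set_header X-Forwarded-Port $server_port;

              # Proxy timeouts
              proxy_connect_timeout 60s;
              proxy_send_timeout 60s;
              proxy_read_timeout 60s;
          }

          # NOTE(review): the exact-match and regex locations below take
          # precedence over "location /" and contain no proxy_pass. With root
          # commented out above, matching requests are served from nginx's
          # default root and never reach the backend. Confirm whether static
          # files should come from disk (restore root) or from the backend.

          # favicon.ico
          location = /favicon.ico {
              log_not_found off;
              access_log off;
          }

          # robots.txt
          location = /robots.txt {
              log_not_found off;
              access_log off;
          }

          # assets, media
          # "expires" is not an add_header directive, so this location still
          # inherits the server-level security headers.
          location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
              expires 7d;
              access_log off;
          }

          # svg, fonts
          location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
              # Declaring add_header here stops inheritance of the server-level
              # headers. Without the repeated lines below, SVG and font
              # responses would go out without HSTS, nosniff, CSP and the rest.
              # Keep this list in sync with the server-level set.
              add_header X-Frame-Options "SAMEORIGIN" always;
              add_header X-XSS-Protection "1; mode=block" always;
              add_header X-Content-Type-Options "nosniff" always;
              add_header Referrer-Policy "no-referrer-when-downgrade" always;
              add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
              add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
              # Let any origin load these fonts and SVGs cross-origin.
              add_header Access-Control-Allow-Origin "*";
              expires 7d;
              access_log off;
          }

          # gzip
          # NOTE(review): compressing TLS responses that combine secrets with
          # attacker-influenced input is the precondition for BREACH-style
          # length side channels. Confirm the backend's dynamic responses do
          # not fit that shape, or limit gzip to static types.
          gzip on;
          gzip_vary on;
          gzip_proxied any;
          gzip_comp_level 6;
          gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
      }

      # subdomains redirect
      # Sends every subdomain to the apex over HTTPS.
      # NOTE(review): this reuses the cygrind.xyz certificate; confirm it also
      # covers *.cygrind.xyz, otherwise clients see a name mismatch before the
      # redirect is delivered.
      server {
          listen The IP was here:443 ssl http2;
          listen [::]:443 ssl http2;
          server_name *.cygrind.xyz;

          # SSL
          ssl_certificate /etc/letsencrypt/live/cygrind.xyz/fullchain.pem;
          ssl_certificate_key /etc/letsencrypt/live/cygrind.xyz/privkey.pem;
          ssl_trusted_certificate /etc/letsencrypt/live/cygrind.xyz/chain.pem;
          return 301 https://cygrind.xyz$request_uri;
      }

      # HTTP redirect
      # Port 80 serves only ACME HTTP-01 challenge files; everything else is
      # redirected to HTTPS on the apex domain.
      server {
          listen The IP was here:80;
          listen [::]:80;
          server_name .cygrind.xyz;

          # ACME-challenge
          # "^~" stops regex matching, so only files under this dedicated
          # webroot are reachable through this prefix.
          location ^~ /.well-known/acme-challenge/ {
              root /var/www/_letsencrypt;
          }

          location / {
              return 301 https://cygrind.xyz$request_uri;
          }
      }
  }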