API tools faq
paste
Advertisement
Guest User

NGINX conf

a guest
Jan 16th, 2021
189
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.72 KB | None | 0 0
raw download clone embed print report
  1. user www-data;
  2. pid /run/nginx.pid;
  3. worker_processes auto;
  4. worker_rlimit_nofile 65535;
  5.  
  6. events {
  7. multi_accept on;
  8. worker_connections 65535;
  9. }
  10.  
  11. http {
  12. charset utf-8;
  13. sendfile on;
  14. tcp_nopush on;
  15. tcp_nodelay on;
  16. server_tokens off;
  17. log_not_found off;
  18. types_hash_max_size 2048;
  19. client_max_body_size 16M;
  20.  
  21. # MIME
  22. include mime.types;
  23. default_type application/octet-stream;
  24.  
  25. # Logging
  26. access_log /var/log/nginx/access.log;
  27. error_log /var/log/nginx/error.log warn;
  28.  
  29. # SSL
  30. ssl_session_timeout 1d;
  31. ssl_session_cache shared:SSL:10m;
  32. ssl_session_tickets off;
  33.  
  34. # Diffie-Hellman parameter for DHE ciphersuites
  35. ssl_dhparam /etc/nginx/dhparam.pem;
  36.  
  37. # Mozilla Intermediate configuration
  38. ssl_protocols TLSv1.2 TLSv1.3;
  39. ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  40.  
  41. # OCSP Stapling
  42. ssl_stapling on;
  43. ssl_stapling_verify on;
  44. resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
  45. resolver_timeout 2s;
  46.  
  47. # Load configs
  48. include /etc/nginx/conf.d/*.conf;
  49.  
  50. # cygrind.xyz
  51. server {
  52. listen The IP was here:443 ssl http2;
  53. listen [::]:443 ssl http2;
  54. server_name cygrind.xyz;
  55. # root /var/www/cygrind.xyz/public;
  56.  
  57. # SSL
  58. ssl_certificate /etc/letsencrypt/live/cygrind.xyz/fullchain.pem;
  59. ssl_certificate_key /etc/letsencrypt/live/cygrind.xyz/privkey.pem;
  60. ssl_trusted_certificate /etc/letsencrypt/live/cygrind.xyz/chain.pem;
  61.  
  62. # security headers
  63. add_header X-Frame-Options "SAMEORIGIN" always;
  64. add_header X-XSS-Protection "1; mode=block" always;
  65. add_header X-Content-Type-Options "nosniff" always;
  66. add_header Referrer-Policy "no-referrer-when-downgrade" always;
  67. add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
  68. add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  69.  
  70. # . files
  71. location ~ /\.(?!well-known) {
  72. deny all;
  73. }
  74.  
  75. # logging
  76. access_log /var/log/nginx/cygrind.xyz.access.log;
  77. error_log /var/log/nginx/cygrind.xyz.error.log warn;
  78.  
  79. # index.php
  80. index index.php;
  81.  
  82. # reverse proxy
  83. location / {
  84. proxy_pass http://The IP was here:8080;
  85. proxy_http_version 1.1;
  86. proxy_cache_bypass $http_upgrade;
  87.  
  88. # Proxy headers
  89. proxy_set_header Upgrade $http_upgrade;
  90. proxy_set_header Connection "upgrade";
  91. proxy_set_header Host $host;
  92. proxy_set_header X-Real-IP $remote_addr;
  93. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  94. proxy_set_header X-Forwarded-Proto $scheme;
  95. proxy_set_header X-Forwarded-Host $host;
  96. proxy_set_header X-Forwarded-Port $server_port;
  97.  
  98. # Proxy timeouts
  99. proxy_connect_timeout 60s;
  100. proxy_send_timeout 60s;
  101. proxy_read_timeout 60s;
  102. }
  103.  
  104. # favicon.ico
  105. location = /favicon.ico {
  106. log_not_found off;
  107. access_log off;
  108. }
  109.  
  110. # robots.txt
  111. location = /robots.txt {
  112. log_not_found off;
  113. access_log off;
  114. }
  115.  
  116. # assets, media
  117. location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
  118. expires 7d;
  119. access_log off;
  120. }
  121.  
  122. # svg, fonts
  123. location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
  124. add_header Access-Control-Allow-Origin "*";
  125. expires 7d;
  126. access_log off;
  127. }
  128.  
  129. # gzip
  130. gzip on;
  131. gzip_vary on;
  132. gzip_proxied any;
  133. gzip_comp_level 6;
  134. gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
  135. }
  136.  
  137. # subdomains redirect
  138. server {
  139. listen The IP was here:443 ssl http2;
  140. listen [::]:443 ssl http2;
  141. server_name *.cygrind.xyz;
  142.  
  143. # SSL
  144. ssl_certificate /etc/letsencrypt/live/cygrind.xyz/fullchain.pem;
  145. ssl_certificate_key /etc/letsencrypt/live/cygrind.xyz/privkey.pem;
  146. ssl_trusted_certificate /etc/letsencrypt/live/cygrind.xyz/chain.pem;
  147. return 301 https://cygrind.xyz$request_uri;
  148. }
  149.  
  150. # HTTP redirect
  151. server {
  152. listen The IP was here:80;
  153. listen [::]:80;
  154. server_name .cygrind.xyz;
  155.  
  156. # ACME-challenge
  157. location ^~ /.well-known/acme-challenge/ {
  158. root /var/www/_letsencrypt;
  159. }
  160.  
  161. location / {
  162. return 301 https://cygrind.xyz$request_uri;
  163. }
  164. }
  165. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!