HansVanEijsden

Nginx.conf main config file

Jan 24th, 2017
  # Main context: process-wide settings.
  pid                  /run/nginx.pid;
  user                 www-data;       # credentials used by the worker processes
  worker_processes     auto;           # one worker per detected CPU core
  worker_rlimit_nofile 4096;           # open-file limit for each worker process
  pcre_jit             on;
  6.  
  # Connection handling for each worker process.
  events {
      use                epoll;
      multi_accept       on;      # accept all pending connections in one pass
      # Counts every connection a worker holds, upstream ones included, and is
      # bounded in practice by the open-file limit (worker_rlimit_nofile).
      worker_connections 4096;
  }
  12.  
  13. #include rtmp.conf;
  14.  
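  # HTTP context: defaults inherited by every virtual host included at the end.
  http {

      server_tokens off;                 # keep the nginx version out of responses and error pages
      reset_timedout_connection on;
      if_modified_since before;

      # Limit Request
      # Only the shared zone is declared here (keyed on the client address,
      # 1 request per second). It throttles nothing until a server or location
      # block references it with limit_req; none is visible in this file.

      limit_req_status 403;
      limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

      # Proxy Settings
      # X-Forwarded-For is honoured only when the connection comes from
      # 127.0.0.1; from any other peer the header is ignored, so clients cannot
      # spoof their address for the rate limit and the geo/geoip lookups below.

      set_real_ip_from    127.0.0.1;
      real_ip_header  X-Forwarded-For;

      fastcgi_read_timeout 300;
      client_max_body_size 100m;

  #   map $http_accept $webp_suffix {
  #   default   "";
  #   "~*webp" ".webp";
  #   }

      # https://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu
      # $allowed_country is only a variable: nothing is blocked until a server
      # block tests it (not visible here). Country lookups are coarse and are
      # bypassed by any proxy or VPN, so this is noise reduction, not access control.
      geoip_country /usr/share/GeoIP/GeoIPv6.dat;
      map $geoip_country_code $allowed_country {
          default yes;
          CN no;
          RU no;
          FR no;
          DE no;
          UA no;
      }

      # geo block for installing and configuring sites based on ip.
      # Listed addresses get "www", everyone else "wwwold".
      # NOTE(review): how $clientfd is consumed is not visible here; if it gates
      # an unreleased site, the source address is the only thing protecting it.

      geo $clientfd {
          default wwwold;
          86.95.132.176 www; # Gerwin (home)
          80.79.32.189 www; # E//
          94.215.37.196 www;
          2001:470:7805:0:600f:4a9:a98e:23c2 www;
      }

      # SSL Settings

      # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from the list.
      # Add TLSv1.3 only if this nginx/OpenSSL build accepts it.
      ssl_protocols TLSv1.2;

      # https://github.com/cloudflare/sslconfig/blob/master/conf
      # NOTE(review): the RSA+AES128 / RSA+AES256 entries are static-RSA key
      # exchange and give no forward secrecy. The list contains no DHE suites,
      # so ssl_dhparam below appears to be unused.
      ssl_ciphers                 EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;

      ssl_session_cache builtin:1000 shared:SSL:200m;
      ssl_session_timeout 4h;
      ssl_ecdh_curve secp384r1:prime256v1:secp256k1;
      ssl_prefer_server_ciphers on;
      ssl_dhparam /etc/ssl/certs/dhparam.pem;

      # NOTE(review): these are public resolvers reached over plain DNS; the
      # nginx documentation recommends resolvers on a trusted local network to
      # limit DNS spoofing.
      resolver 8.8.4.4 8.8.8.8 valid=300s;
      resolver_timeout 5s;

      # http://nginx.com/blog/improve-seo-https-nginx/
      # NOTE(review): no ssl_session_ticket_key is set, so the ticket key is
      # generated by nginx and not rotated on a schedule; a long-lived key
      # weakens forward secrecy for resumed sessions.
      ssl_session_tickets on;

      sendfile on;
      tcp_nopush on;
      tcp_nodelay on;
      keepalive_requests 500;
      keepalive_timeout 300 300;         # idle connections are held for five minutes
      types_hash_max_size 2048;

      server_names_hash_max_size 1024;
      server_names_hash_bucket_size 96;
      server_name_in_redirect off;

      include mime.types;
      default_type application/octet-stream;

      # Logging Settings

      open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;

      # NOTE(review): with access logging off at this level, any virtual host
      # that does not set its own access_log leaves no request trail for
      # detection or incident response. The two log_format entries below only
      # define formats; they do not enable logging.
      access_log off;
      error_log /var/log/nginx/error.log;

      log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
          '$http_host "$request" $status $body_bytes_sent '
          '"$http_referer" "$http_user_agent"';

      # https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md
      log_format  main_ext '$remote_addr - $remote_user [$time_local] "$request" '
                           ' $status $body_bytes_sent "$http_referer" '
                           '"$http_user_agent" "$http_x_forwarded_for" '
                           'rt=$request_time ua="$upstream_addr" '
                           'us="$upstream_status" ut="$upstream_response_time" '
                           'cs=$upstream_cache_status' ;


      # Brotli Settings
      # NOTE(review): brotli and gzip also apply to responses served over TLS.
      # Pages that echo request data next to secrets (CSRF tokens, session
      # values) are open to BREACH-style length side channels; consider turning
      # compression off for those locations.

      brotli on;
      brotli_comp_level 5;
      brotli_min_length 1000;

      # Gzip Settings

      gzip on;
      gzip_disable "msie6";

      gzip_vary on;
      gzip_proxied any;
      gzip_comp_level 6;
      gzip_min_length 80;
      gzip_buffers 16 8k;
      gzip_http_version 1.0;
      # text/html is always compressed by nginx and needs no entry here.
      gzip_types application/xml;
      gzip_types application/xml+rss;
      gzip_types "application/x-javascript;charset=utf-8";
      gzip_types application/ecmascript;
      gzip_types application/javascript;
      gzip_types application/json;
      gzip_types application/pdf;
      gzip_types application/postscript;
      gzip_types application/x-javascript;
      gzip_types image/svg+xml;
      gzip_types image/bmp;
      gzip_types text/css;
      gzip_types text/csv;
      gzip_types text/javascript;
      gzip_types text/plain;
      gzip_types text/xml;
      gzip_types font/ttf;
      gzip_types font/opentype;
      gzip_types application/vnd.ms-fontobject;

      # Open File Cache Settings

      open_file_cache     max=10000  inactive=10m;
      open_file_cache_valid   2m;
      open_file_cache_min_uses 1;
      open_file_cache_errors   on;


      fastcgi_buffers 128 32k;
      fastcgi_buffer_size 32k;

      # NOTE(review): $http_host is the raw, client-supplied Host header. An
      # application that builds links or redirects from SERVER_NAME can be
      # steered by a forged Host; a value fixed per virtual host is safer. This
      # line is inherited only where the lower level sets no fastcgi_param itself.
      fastcgi_param SERVER_NAME $http_host;
      # NOTE(review): ignoring Set-Cookie and Cache-Control lets the FastCGI
      # cache, where one is enabled (not visible here), store responses that
      # carry cookies or were marked private. Check that cached locations
      # bypass on session cookies and hide Set-Cookie, or one visitor's
      # response can be served to another.
      fastcgi_ignore_headers  Cache-Control Expires Set-Cookie;

      # add_header set here is inherited only by levels that define no
      # add_header of their own.
      add_header X-Powered-By "Hans van Eijsden - And-Stuff";

      # Virtual Host Configs

      include /opt/nginx/conf/sites/*.conf;
  }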