Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user www-data;
- worker_processes auto;
- pcre_jit on;
- worker_rlimit_nofile 4096;
- pid /run/nginx.pid;
- events {
- worker_connections 4096;
- multi_accept on;
- use epoll;
- }
- #include rtmp.conf;
- http {
- server_tokens off;
- reset_timedout_connection on;
- if_modified_since before;
- # Limit Request
- limit_req_status 403;
- limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
- # Proxy Settings
- set_real_ip_from 127.0.0.1;
- real_ip_header X-Forwarded-For;
- fastcgi_read_timeout 300;
- client_max_body_size 100m;
- # map $http_accept $webp_suffix {
- # default "";
- # "~*webp" ".webp";
- # }
- # https://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu
- geoip_country /usr/share/GeoIP/GeoIPv6.dat;
- map $geoip_country_code $allowed_country {
- default yes;
- CN no;
- RU no;
- FR no;
- DE no;
- UA no;
- }
- #geo block for installing and configuring sites based on ip.
- geo $clientfd {
- default wwwold;
- 86.95.132.176 www; #Gerwin thuis
- 80.79.32.189 www; #E//
- 94.215.37.196 www;
- 2001:470:7805:0:600f:4a9:a98e:23c2 www;
- }
- # SSL Settings
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- # https://github.com/cloudflare/sslconfig/blob/master/conf
- ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
- ssl_session_cache builtin:1000 shared:SSL:200m;
- ssl_session_timeout 4h;
- ssl_ecdh_curve secp384r1:prime256v1:secp256k1;
- ssl_prefer_server_ciphers on;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- resolver 8.8.4.4 8.8.8.8 valid=300s;
- resolver_timeout 5s;
- # http://nginx.com/blog/improve-seo-https-nginx/
- ssl_session_tickets on;
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_requests 500;
- keepalive_timeout 300 300;
- types_hash_max_size 2048;
- server_names_hash_max_size 1024;
- server_names_hash_bucket_size 96;
- server_name_in_redirect off;
- include mime.types;
- default_type application/octet-stream;
- # Logging Settings
- open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
- access_log off;
- error_log /var/log/nginx/error.log;
- log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
- '$http_host "$request" $status $body_bytes_sent '
- '"$http_referer" "$http_user_agent"';
- # https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md
- log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" '
- ' $status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for" '
- 'rt=$request_time ua="$upstream_addr" '
- 'us="$upstream_status" ut="$upstream_response_time" '
- 'cs=$upstream_cache_status' ;
- # Brotli Settings
- brotli on;
- brotli_comp_level 5;
- brotli_min_length 1000;
- # Gzip Settings
- gzip on;
- gzip_disable "msie6";
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_min_length 80;
- gzip_buffers 16 8k;
- gzip_http_version 1.0;
- gzip_types application/xml;
- gzip_types application/xml+rss;
- gzip_types "application/x-javascript;charset=utf-8";
- gzip_types application/ecmascript;
- gzip_types application/javascript;
- gzip_types application/json;
- gzip_types application/pdf;
- gzip_types application/postscript;
- gzip_types application/x-javascript;
- gzip_types image/svg+xml;
- gzip_types image/bmp;
- gzip_types text/css;
- gzip_types text/csv;
- gzip_types text/javascript;
- gzip_types text/plain;
- gzip_types text/xml;
- gzip_types font/ttf;
- gzip_types font/opentype;
- gzip_types application/vnd.ms-fontobject;
- # Open File Cache Settings
- open_file_cache max=10000 inactive=10m;
- open_file_cache_valid 2m;
- open_file_cache_min_uses 1;
- open_file_cache_errors on;
- fastcgi_buffers 128 32k;
- fastcgi_buffer_size 32k;
- fastcgi_param SERVER_NAME $http_host;
- fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
- add_header X-Powered-By "Hans van Eijsden - And-Stuff";
- # Virtual Host Configs
- include /opt/nginx/conf/sites/*.conf;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement