nginx.conf

1. user nobody users;
2. worker_processes 4;
3. pid /run/nginx.pid;
4.  
5. events {
6.     worker_connections 768;
7.     # multi_accept on;
8. }
9.  
10. http {
11.  
12.     ##
13.     # Basic Settings
14.     ##
15.  
16.     sendfile on;
17.     tcp_nopush on;
18.     tcp_nodelay on;
19.     keepalive_timeout 65;
20.     types_hash_max_size 2048;
21.     # server_tokens off;
22.  
23.     # server_names_hash_bucket_size 64;
24.     # server_name_in_redirect off;
25.  
26.     client_max_body_size 0;
27.  
28.     include /etc/nginx/mime.types;
29.     default_type application/octet-stream;
30.  
31.     ##
32.     # Logging Settings
33.     ##
34.  
35.     access_log /config/log/nginx/access.log;
36.     error_log /config/log/nginx/error.log;
37.  
38.     ##
39.     # Gzip Settings
40.     ##
41.  
42.     #Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. (Haven't encountered any yet)
43.     gzip on;
44.     gzip_vary on;
45.     gzip_min_length 1000;
46.     gzip_proxied any;
47.     gzip_types text/plain text/html text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
48.     gzip_disable "MSIE [1-6]\.";
49.  
50.     include /etc/nginx/conf.d/*.conf;
51.         include /config/nginx/site-confs/*;
52.        
53.         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
54.         ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
55.     ssl_prefer_server_ciphers on;
56.     #Must be set in the global scope see: https://forum.nginx.org/read.php?2,152294,152294
57.     #Why this is important especially with Plex as it makes a lot of requests http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html / https://www.peterbe.com/plog/ssl_session_cache-ab
58.     ssl_session_cache shared:SSL:10m;
59.     ssl_session_timeout 10m;
60.     #Will ensure https is always used by supported browsers which prevents any server-side http > https redirects, as the browser will internally correct any request to https.
61.     #Recommended to submit to your domain to https://hstspreload.org as well.
62.     #!WARNING! Only enable this if you intend to only serve Plex over https, until this rule expires in your browser it WONT BE POSSIBLE to access Plex via http, remove 'includeSubDomains;' if you only want it to effect your Plex (sub-)domain.
63.     #This is disabled by default as it could cause issues with some playback devices it's advisable to test it with a small max-age and only enable if you don't encounter issues. (Haven't encountered any yet)
64.     #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
65.     add_header X-Frame-Options SAMEORIGIN;
66.     add_header X-Content-Type-Options nosniff;
67.     add_header X-XSS-Protection "1; mode=block";
68.     add_header X-Robots-Tag none;
69.     ssl_stapling on; # Requires nginx >= 1.3.7
70.     ssl_stapling_verify on; # Requires nginx => 1.3.7
71.  
72. }