Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user nobody users;
- worker_processes 4;
- pid /run/nginx.pid;
- events {
- worker_connections 768;
- # multi_accept on;
- }
- http {
- ##
- # Basic Settings
- ##
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- # server_tokens off;
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
- client_max_body_size 0;
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- ##
- # Logging Settings
- ##
- access_log /config/log/nginx/access.log;
- error_log /config/log/nginx/error.log;
- ##
- # Gzip Settings
- ##
- #Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. (Haven't encountered any yet)
- gzip on;
- gzip_vary on;
- gzip_min_length 1000;
- gzip_proxied any;
- gzip_types text/plain text/html text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
- gzip_disable "MSIE [1-6]\.";
- include /etc/nginx/conf.d/*.conf;
- include /config/nginx/site-confs/*;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_prefer_server_ciphers on;
- #Must be set in the global scope see: https://forum.nginx.org/read.php?2,152294,152294
- #Why this is important especially with Plex as it makes a lot of requests http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html / https://www.peterbe.com/plog/ssl_session_cache-ab
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
- #Will ensure https is always used by supported browsers which prevents any server-side http > https redirects, as the browser will internally correct any request to https.
- #Recommended to submit to your domain to https://hstspreload.org as well.
- #!WARNING! Only enable this if you intend to only serve Plex over https, until this rule expires in your browser it WONT BE POSSIBLE to access Plex via http, remove 'includeSubDomains;' if you only want it to effect your Plex (sub-)domain.
- #This is disabled by default as it could cause issues with some playback devices it's advisable to test it with a small max-age and only enable if you don't encounter issues. (Haven't encountered any yet)
- #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
- add_header X-Frame-Options SAMEORIGIN;
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- ssl_stapling on; # Requires nginx >= 1.3.7
- ssl_stapling_verify on; # Requires nginx => 1.3.7
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement