Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Server globals
- user www-data;
- worker_processes auto;
- worker_rlimit_nofile 65535;
- error_log /var/log/nginx/error.log crit;
- pid /var/run/nginx.pid;
- # Worker config
- events {
- worker_connections 2048;
- use epoll;
- multi_accept on;
- }
- http {
- # Main settings
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- client_header_timeout 1m;
- client_body_timeout 1m;
- client_header_buffer_size 2k;
- client_body_buffer_size 256k;
- client_max_body_size 2048m;
- large_client_header_buffers 4 8k;
- send_timeout 30;
- keepalive_timeout 60 60;
- reset_timedout_connection on;
- server_tokens off;
- server_name_in_redirect off;
- server_names_hash_max_size 512;
- server_names_hash_bucket_size 512;
- # Log format
- log_format main '$remote_addr - $remote_user [$time_local] $request '
- '"$status" $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
- log_format bytes '$body_bytes_sent';
- #access_log /var/log/nginx/access.log main;
- access_log off;
- # Mime settings
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- # Compression
- gzip on;
- gzip_comp_level 9;
- gzip_min_length 512;
- gzip_buffers 8 64k;
- gzip_types text/plain text/css text/javascript text/js text/xml app lication/json application/javascript application/x-javascript application/xml ap plication/xml+rss application/x-font-ttf image/svg+xml font/opentype;
- gzip_proxied any;
- gzip_disable "MSIE [1-6]\.";
- # Proxy settings
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass_header Set-Cookie;
- proxy_connect_timeout 90;
- proxy_send_timeout 90;
- proxy_read_timeout 90;
- proxy_buffers 32 4k;
- # Cloudflare https://www.cloudflare.com/ips
- set_real_ip_from 199.27.128.0/21;
- set_real_ip_from 173.245.48.0/20;
- set_real_ip_from 103.21.244.0/22;
- set_real_ip_from 103.22.200.0/22;
- set_real_ip_from 103.31.4.0/22;
- set_real_ip_from 141.101.64.0/18;
- set_real_ip_from 108.162.192.0/18;
- set_real_ip_from 190.93.240.0/20;
- set_real_ip_from 188.114.96.0/20;
- set_real_ip_from 197.234.240.0/22;
- set_real_ip_from 198.41.128.0/17;
- set_real_ip_from 162.158.0.0/15;
- set_real_ip_from 104.16.0.0/12;
- set_real_ip_from 172.64.0.0/13;
- #set_real_ip_from 2400:cb00::/32;
- #set_real_ip_from 2606:4700::/32;
- #set_real_ip_from 2803:f800::/32;
- #set_real_ip_from 2405:b500::/32;
- #set_real_ip_from 2405:8100::/32;
- real_ip_header CF-Connecting-IP;
- # SSL PCI Compliance
- ssl_session_cache shared:SSL:10m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256: DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDH E-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA 256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CB C3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AE S128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:! MD5:!PSK:!RC4";
- # Error pages
- error_page 403 /error/403.html;
- error_page 404 /error/404.html;
- error_page 502 503 504 /error/50x.html;
- # Cache settings
- proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
- proxy_cache_key "$host$request_uri $cookie_user";
- proxy_temp_path /var/cache/nginx/temp;
- proxy_ignore_headers Expires Cache-Control;
- proxy_cache_use_stale error timeout invalid_header http_502;
- proxy_cache_valid any 1d;
- # Cache bypass
- map $http_cookie $no_cache {
- default 0;
- ~SESS 1;
- ~wordpress_logged_in 1;
- }
- # File cache settings
- open_file_cache max=10000 inactive=30s;
- open_file_cache_valid 60s;
- open_file_cache_min_uses 2;
- open_file_cache_errors off;
- # Wildcard include
- include /etc/nginx/conf.d/*.conf;
- }
- # configuration file /etc/nginx/mime.types:
- types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
- text/mathml mml;
- text/plain txt;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
- image/png png;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
- image/svg+xml svg svgz;
- image/webp webp;
- application/font-woff woff;
- application/java-archive jar war ear;
- application/json json;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.apple.mpegurl m3u8;
- application/vnd.ms-excel xls;
- application/vnd.ms-fontobject eot;
- application/vnd.ms-powerpoint ppt;
- application/vnd.wap.wmlc wmlc;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/x-7z-compressed 7z;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/xhtml+xml xhtml;
- application/xspf+xml xspf;
- application/zip zip;
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
- application/vnd.openxmlformats-officedocument.wordprocessingml.document d ocx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet x lsx;
- application/vnd.openxmlformats-officedocument.presentationml.presentation p ptx;
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/ogg ogg;
- audio/x-m4a m4a;
- audio/x-realaudio ra;
- video/3gpp 3gpp 3gp;
- video/mp2t ts;
- video/mp4 mp4;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/webm webm;
- video/x-flv flv;
- video/x-m4v m4v;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
- }
- # configuration file /etc/nginx/conf.d/default.conf:
- server {
- listen x.x.x.x.x.x:80;
- #server_name okay.uz www.test.ru;
- error_log /var/log/nginx/error.log error;
- location / {
- proxy_pass http://localhost:8080;
- location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|ttf|otf|w ebp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|e ps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv| mov|mpeg|mpg|wmv|exe|iso|dmg|swf|map)$ {
- root /opt/www/public_html/okay.uz/;
- access_log /var/log/nginx/access.log combined;
- access_log /var/log/nginx/access.bytes bytes;
- expires max;
- try_files $uri @fallback;
- }
- }
- location /error/ {
- alias /opt/www/public_html/test.ru/;
- }
- location @fallback {
- proxy_pass http://localhost:8080;
- }
- location ~ /\.ht {return 404;}
- location ~ /\.svn/ {return 404;}
- location ~ /\.git/ {return 404;}
- location ~ /\.hg/ {return 404;}
- location ~ /\.bzr/ {return 404;}
- ###include /home/admin/conf/web/nginx.windows.uz.conf*;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement