Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- user www-data;
- worker_processes auto;
- worker_rlimit_nofile 116124;
- pid /run/nginx.pid;
- events {
- worker_connections 8192;
- multi_accept on;
- }
- http {
- ##
- # Basic Settings
- ##
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- server_tokens off;
- reset_timedout_connection on;
- send_timeout 15;
- keepalive_timeout 15;
- client_body_buffer_size 128k;
- client_max_body_size 50m;
- client_body_timeout 15;
- client_header_timeout 15;
- open_file_cache_valid 3m;
- open_file_cache max=38708 inactive=5m;
- types_hash_max_size 2048;
- # server_names_hash_bucket_size 64;
- # server_name_in_redirect off;
- limit_req_status 403;
- limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
- limit_req_zone $binary_remote_addr zone=wp:10m rate=3r/s;
- include /etc/nginx/mime.types;
- include common/headers-http.conf;
- default_type application/octet-stream;
- ##
- # SSL Settings
- ##
- ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
- ssl_session_timeout 10m;
- ssl_session_cache shared:SSL:20m;
- ssl_dhparam /etc/ssl/dhparam.pem;
- ssl_ecdh_curve prime256v1:secp384r1:secp521r1;
- ssl_prefer_server_ciphers on;
- ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT';
- ##
- # Logging Settings
- ##
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
- open_log_file_cache max=1000 inactive=30s valid=1m;
- log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
- '$http_host "$request" $status $body_bytes_sent '
- '"$http_referer" "$http_user_agent"';
- ##
- # Gzip Settings
- ##
- gzip on;
- gzip_disable "msie6";
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_buffers 16 8k;
- gzip_http_version 1.1;
- gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component text/xml text/javascript;
- ##
- # Virtual Host Configs
- ##
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
- set_real_ip_from 103.21.244.0/22;
- set_real_ip_from 103.22.200.0/22;
- set_real_ip_from 103.31.4.0/22;
- set_real_ip_from 104.16.0.0/12;
- set_real_ip_from 108.162.192.0/18;
- set_real_ip_from 131.0.72.0/22;
- set_real_ip_from 141.101.64.0/18;
- set_real_ip_from 162.158.0.0/15;
- set_real_ip_from 172.64.0.0/13;
- set_real_ip_from 173.245.48.0/20;
- set_real_ip_from 188.114.96.0/20;
- set_real_ip_from 190.93.240.0/20;
- set_real_ip_from 197.234.240.0/22;
- set_real_ip_from 198.41.128.0/17;
- set_real_ip_from 2400:cb00::/32;
- set_real_ip_from 2606:4700::/32;
- set_real_ip_from 2803:f800::/32;
- set_real_ip_from 2405:b500::/32;
- set_real_ip_from 2405:8100::/32;
- set_real_ip_from 2c0f:f248::/32;
- set_real_ip_from 2a06:98c0::/29;
- # use any of the following two
- real_ip_header CF-Connecting-IP;
- #real_ip_header X-Forwarded-For;
- }
- #mail {
- # # See sample authentication script at:
- # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
- #
- # # auth_http localhost/auth.php;
- # # pop3_capabilities "TOP" "USER";
- # # imap_capabilities "IMAP4rev1" "UIDPLUS";
- #
- # server {
- # listen localhost:110;
- # protocol pop3;
- # proxy on;
- # }
- #
- # server {
- # listen localhost:143;
- # protocol imap;
- # proxy on;
- # }
- #}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement