84 lines
2.0 KiB
Nginx Configuration File
84 lines
2.0 KiB
Nginx Configuration File
user guardian;
|
|
|
|
daemon off;
|
|
error_log /mnt/config/log/nginx-error.log warn;
|
|
worker_processes 4;
|
|
worker_rlimit_nofile 8192;
|
|
|
|
events {
|
|
multi_accept on;
|
|
use epoll;
|
|
worker_connections 4096;
|
|
}
|
|
|
|
http {
|
|
# ngx_http_core_module
|
|
|
|
include mime.types;
|
|
|
|
client_body_buffer_size 128k;
|
|
client_body_timeout 12s;
|
|
client_header_timeout 12s;
|
|
client_max_body_size 10m;
|
|
default_type application/octet-stream;
|
|
keepalive_requests 9001;
|
|
keepalive_timeout 65s;
|
|
open_file_cache max=1000 inactive=20s;
|
|
open_file_cache_errors on;
|
|
open_file_cache_min_uses 2;
|
|
open_file_cache_valid 30s;
|
|
resolver 8.8.8.8 8.8.4.4 valid=300s;
|
|
resolver_timeout 5s;
|
|
sendfile on;
|
|
server_tokens off;
|
|
tcp_nodelay on;
|
|
tcp_nopush on;
|
|
types_hash_max_size 2048;
|
|
|
|
# ngx_http_charset_module
|
|
|
|
charset utf-8;
|
|
|
|
# ngx_http_gzip_module
|
|
|
|
gzip on;
|
|
gzip_comp_level 4;
|
|
gzip_min_length 256;
|
|
gzip_proxied no-cache no-store private expired auth;
|
|
gzip_types text/css text/mathml text/plain text/xml image/svg+xml application/atom+xml application/javascript application/json application/rss+xml application/xhtml+xml application/xspf+xml;
|
|
gzip_vary on;
|
|
|
|
# ngx_http_headers_module
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Robots-Tag noarchive;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
# ngx_http_index_module
|
|
|
|
index index.html;
|
|
|
|
# ngx_http_log_module
|
|
|
|
access_log /mnt/config/log/nginx-access.log;
|
|
|
|
# ngx_http_ssl_module
|
|
# https://cipherli.st/
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_dhparam /mnt/config/ssl/dhparam.pem;
|
|
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
|
|
ssl_ecdh_curve secp384r1;
|
|
ssl_session_timeout 10m;
|
|
ssl_session_cache shared:SSL:10m;
|
|
ssl_session_tickets off;
|
|
ssl_stapling on;
|
|
ssl_stapling_verify on;
|
|
|
|
# Other Stuff
|
|
|
|
include nginx.d/*.conf;
|
|
} |