|
initial commit
|
1 |
user www-data; |
| 2 |
worker_processes 1; |
|
| 3 |
pid /run/nginx.pid; |
|
| 4 | ||
| 5 |
events {
|
|
| 6 |
worker_connections 768; |
|
| 7 |
# multi_accept on; |
|
| 8 |
} |
|
| 9 | ||
| 10 |
http {
|
|
| 11 | ||
| 12 |
## |
|
| 13 |
# Basic Settings |
|
| 14 |
## |
|
| 15 | ||
| 16 |
sendfile on; |
|
| 17 |
tcp_nopush on; |
|
| 18 |
tcp_nodelay on; |
|
| 19 |
keepalive_timeout 65; |
|
| 20 |
types_hash_max_size 2048; |
|
| 21 |
server_tokens off; |
|
| 22 | ||
| 23 |
# server_names_hash_bucket_size 64; |
|
| 24 |
server_name_in_redirect off; |
|
| 25 | ||
| 26 |
include /etc/nginx/mime.types; |
|
| 27 |
default_type application/octet-stream; |
|
| 28 | ||
| 29 |
## |
|
| 30 |
# SSL Settings |
|
| 31 |
## |
|
| 32 | ||
| 33 |
ssl_prefer_server_ciphers on; |
|
| 34 |
ssl_certificate ssl_keys/default.pem; |
|
| 35 |
ssl_certificate_key ssl_keys/default.key; |
|
| 36 |
#ssl_dhparam ssl_keys/dhparam-1024.pem; |
|
| 37 |
ssl_dhparam /etc/ssl/private/dhparams.pem; |
|
| 38 |
ssl_session_timeout 5m; |
|
| 39 |
ssl_session_cache shared:SSL:10m; |
|
| 40 |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE |
|
| 41 |
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; |
|
| 42 |
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; |
|
| 43 |
# ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL; |
|
| 44 | ||
| 45 |
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains;"; |
|
| 46 | ||
| 47 |
## |
|
| 48 |
# Logging Settings |
|
| 49 |
## |
|
| 50 | ||
| 51 |
access_log /var/log/nginx/access.log; |
|
| 52 |
error_log /var/log/nginx/error.log; |
|
| 53 | ||
| 54 |
## |
|
| 55 |
# Gzip Settings |
|
| 56 |
## |
|
| 57 | ||
| 58 |
gzip on; |
|
| 59 |
gzip_disable "msie6"; |
|
| 60 | ||
| 61 |
gzip_vary on; |
|
| 62 |
gzip_proxied any; |
|
| 63 |
gzip_comp_level 6; |
|
| 64 |
gzip_buffers 16 8k; |
|
| 65 |
gzip_http_version 1.1; |
|
| 66 |
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; |
|
| 67 | ||
| 68 |
## |
|
| 69 |
# Virtual Host Configs |
|
| 70 |
## |
|
| 71 | ||
| 72 |
include /etc/nginx/conf.d/*.conf; |
|
| 73 |
include /etc/nginx/sites-enabled/*; |
|
| 74 |
} |
|
| 75 | ||
| 76 |