122 lines
3.8 KiB
Nginx Configuration File
122 lines
3.8 KiB
Nginx Configuration File
#extra config End
|
|
#user me;
|
|
#quic_bpf on;
|
|
worker_processes 1;
|
|
|
|
error_log /opt/nginx/logs/error.log warn;
|
|
pid /opt/nginx/tmp/nginx.pid;
|
|
|
|
pcre_jit on;
|
|
timer_resolution 100ms;
|
|
|
|
events {
|
|
use epoll;
|
|
worker_aio_requests 128;
|
|
worker_connections 5120;
|
|
multi_accept on;
|
|
}
|
|
|
|
http {
|
|
include mime.types;
|
|
charset utf-8;
|
|
default_type application/octet-stream;
|
|
|
|
client_body_temp_path /opt/nginx/tmp/client_temp;
|
|
proxy_temp_path /opt/nginx/tmp/proxy;
|
|
proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
|
|
proxy_ssl_server_name on;
|
|
proxy_ssl_verify on;
|
|
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
access_log /opt/nginx/logs/access.log main;
|
|
|
|
sendfile on;
|
|
aio threads;
|
|
aio_write on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
resolver __DNS_SERVER__ valid=5s;
|
|
|
|
open_file_cache max=1000 inactive=20s;
|
|
open_file_cache_valid 30s;
|
|
open_file_cache_min_uses 2;
|
|
open_file_cache_errors on;
|
|
|
|
keepalive_timeout 15s;
|
|
send_timeout 60s;
|
|
client_header_timeout 15s;
|
|
client_body_timeout 600s;
|
|
client_max_body_size 500m;
|
|
client_body_buffer_size 8K;
|
|
client_header_buffer_size 1k;
|
|
large_client_header_buffers 4 8k;
|
|
output_buffers 5 8m;
|
|
resolver_timeout 5s;
|
|
read_ahead 256k;
|
|
|
|
keepalive_disable msie6;
|
|
disable_symlinks if_not_owner;
|
|
if_modified_since before;
|
|
reset_timedout_connection on;
|
|
server_tokens off;
|
|
more_set_headers 'Server: AmazingFromHere';
|
|
|
|
more_set_headers 'X-Frame-Options: SAMEORIGIN';
|
|
more_set_headers 'X-Content-Type-Options: nosniff';
|
|
more_set_headers 'X-XSS-Protection: 1; mode=block';
|
|
|
|
ssl_protocols TLSv1.3;
|
|
ssl_ecdh_curve X25519:P-521:P-384;
|
|
ssl_stapling on; # Requires nginx >= 1.3.7
|
|
ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
|
|
ssl_stapling_verify on; # Requires nginx => 1.3.7
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_session_cache builtin:1000 shared:SSL:50m;
|
|
ssl_session_timeout 1d;
|
|
ssl_session_tickets off;
|
|
|
|
gzip_static on;
|
|
gzip on;
|
|
gzip_comp_level 5;
|
|
gzip_min_length 512;
|
|
gzip_proxied any;
|
|
gzip_vary on;
|
|
gzip_disable "msie6";
|
|
gzip_types
|
|
text/plain
|
|
text/css
|
|
text/x-component
|
|
text/javascript application/x-javascript application/javascript text/x-js
|
|
image/svg+xml
|
|
text/plaintext/xsd text/xsl
|
|
text/xml application/xml application/rss+xml
|
|
application/json
|
|
font/truetype font/opentype application/x-font-otf application/x-font-ttf application/vnd.ms-opentype application/vnd.ms-fontobject application/font-woff application/font-woff2
|
|
audio/ogg
|
|
application/pdf
|
|
image/bmp image/x-icon image/webp image/tiff
|
|
audio/wav;
|
|
|
|
brotli_static on;
|
|
brotli on;
|
|
brotli_types
|
|
text/plain
|
|
text/css
|
|
text/x-component
|
|
text/javascript application/x-javascript application/javascript text/x-js
|
|
image/svg+xml
|
|
text/plaintext/xsd text/xsl
|
|
text/xml application/xml application/rss+xml
|
|
application/json
|
|
font/truetype font/opentype application/x-font-otf application/x-font-ttf application/vnd.ms-opentype application/vnd.ms-fontobject application/font-woff application/font-woff2
|
|
audio/ogg
|
|
application/pdf
|
|
image/bmp image/x-icon image/webp image/tiff
|
|
audio/wav;
|
|
|
|
include /opt/nginx/etc/conf.d/*.conf;
|
|
}
|