Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4f2bfc2c06af36e491c39d3ac23c6104f180bb37
WPIQ/wo/cli/templates/nginx-core.mustache
VirtuBox 4f2bfc2c06 Update nginx stack install
2019-07-28 21:23:07 +02:00

190 lines
3.7 KiB
Plaintext
Raw Blame History

user www-data;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
pcre_jit on;
events {
multi_accept on;
worker_connections 50000;
accept_mutex on;
use epoll;
}
http {
##
# WordOps Settings
##
sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 8;
keepalive_requests 500;
keepalive_disable msie6;
lingering_time 20s;
lingering_timeout 5s;
# Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
# http://nginx.org/en/docs/http/ngx_http_core_module.html#aio
aio threads;
server_tokens off;
reset_timedout_connection on;
more_set_headers "X-Powered-By : WordOps";
# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
# Proxy Settings
# set_real_ip_from proxy-server-ip;
# real_ip_header X-Forwarded-For;
fastcgi_read_timeout 300;
client_max_body_size 100m;
# ngx_vts_module
vhost_traffic_status_zone;
##
# SSL Settings
##
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve secp521r1:secp384r1;
# Previous TLS v1.2 configuration
# ssl_protocols TLSv1.2;
# ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
# Common security headers
more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Xss-Protection : 1; mode=block";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
more_set_headers "X-Download-Options : noopen";
# oscp settings
resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s;
resolver_timeout 10;
ssl_stapling on;
##
# Basic Settings
##
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log off;
error_log /var/log/nginx/error.log;
# Log format Settings
log_format wo_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$server_protocol"';
##
# Gzip Settings
##
# mitigation for CRIME/BREACH attacks
gzip off;
##
# Brotli Settings
##
brotli on;
brotli_static on;
brotli_buffers 16 8k;
brotli_min_length 64000;
brotli_comp_level 4;
brotli_types
application/atom+xml
application/geo+json
application/javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/vnd.ms-fontobject
application/wasm
application/x-font-opentype
application/x-font-truetype
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
application/xml+rss
font/eot
font/opentype
font/otf
image/bmp
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
image/x-win-bitmap
text/cache-manifest
text/calendar
text/css
text/javascript
text/markdown
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/xml;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Reference in New Issue View Git Blame Copy Permalink