user www-data; worker_processes auto; worker_cpu_affinity auto; worker_rlimit_nofile 100000; pid /run/nginx.pid; events { worker_connections 16384; multi_accept on; use epoll; } http { ## # EasyEngine Settings ## sendfile on; sendfile_max_chunk 512k; tcp_nopush on; tcp_nodelay on; keepalive_timeout 8; keepalive_requests 500; lingering_time 20s; lingering_timeout 5s; server_tokens off; reset_timedout_connection on; add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox"; add_header rt-Fastcgi-Cache $upstream_cache_status; # Limit Request limit_req_status 403; limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s; ## # Simple DOS mitigation ## # Max c/s by ip #limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m; #limit_conn limit_per_ip 80; # Max rq/s by ip #limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s; #limit_req zone=allips burst=400 nodelay; # Proxy Settings # set_real_ip_from proxy-server-ip; # real_ip_header X-Forwarded-For; fastcgi_read_timeout 120s; client_max_body_size 100m; # See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/ aio threads; # tls dynamic records patch directive ssl_dyn_rec_enable on; ssl_dyn_rec_size_hi 4229; ssl_dyn_rec_size_lo 1369; ssl_dyn_rec_threshold 40; ssl_dyn_rec_timeout 1000; # nginx-vts-status module vhost_traffic_status_zone; # oscp settings resolver 8.8.8.8 1.1.1.1 valid=300s; resolver_timeout 10; ## # GeoIP module configuration, before removing comments # read the tutorial : https://gist.github.com/VirtuBox/9ed03c9bd9169202c358a8be181b7840 ## #geoip_country /usr/share/GeoIP/GeoIP.dat; #geoip_city /usr/share/GeoIP/GeoIPCity.dat; ## # SSL Settings ## # SSL Early Data ssl_early_data off; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1; # Common security headers more_set_headers "X-Frame-Options : SAMEORIGIN"; more_set_headers "X-Xss-Protection : 1; mode=block"; more_set_headers "X-Content-Type-Options : nosniff"; more_set_headers "Referrer-Policy : strict-origin-when-cross-origin"; ## # Basic Settings ## # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Logging Settings ## # disable access_log for performance access_log off; error_log /var/log/nginx/error.log; # Log format Settings - user IP hashed with the module ipscrub log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] ' '$http_host "$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" $server_protocol'; # ipscrub settings ipscrub_period_seconds 3600; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component text/xml text/javascript; ## # Brotli Settings ## brotli on; brotli_static on; brotli_buffers 16 8k; brotli_comp_level 6; brotli_types *; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #}