You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

206 lines
4.5 KiB

  1. user www-data;
  2. worker_processes auto;
  3. worker_cpu_affinity auto;
  4. worker_rlimit_nofile 100000;
  5. pid /run/nginx.pid;
  6. pcre_jit on;
  7. events
  8. {
  9. multi_accept on;
  10. worker_connections 50000;
  11. accept_mutex off;
  12. accept_mutex_delay 200ms;
  13. use epoll;
  14. }
  15. http
  16. {
  17. ##
  18. # EasyEngine Settings
  19. ##
  20. sendfile on;
  21. sendfile_max_chunk 512k;
  22. tcp_nopush on;
  23. tcp_nodelay on;
  24. keepalive_timeout 8;
  25. keepalive_requests 500;
  26. keepalive_disable msie6;
  27. lingering_time 20s;
  28. lingering_timeout 5s;
  29. server_tokens off;
  30. reset_timedout_connection on;
  31. add_header X-Powered-By "EasyEngine v3.8.1 - Optimized by VirtuBox";
  32. add_header rt-Fastcgi-Cache $upstream_cache_status;
  33. # Limit Request
  34. limit_req_status 403;
  35. limit_req_zone $remote_addr_ipscrub zone=one:10m rate=1r/s;
  36. ##
  37. # Simple DOS mitigation
  38. ##
  39. # Max c/s by ip
  40. #limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
  41. #limit_conn limit_per_ip 80;
  42. # Max rq/s by ip
  43. #limit_req_zone $binary_remote_addr zone=allips:10m rate=400r/s;
  44. #limit_req zone=allips burst=400 nodelay;
  45. # Proxy Settings
  46. # set_real_ip_from proxy-server-ip;
  47. # real_ip_header X-Forwarded-For;
  48. fastcgi_read_timeout 120s;
  49. client_max_body_size 100m;
  50. # See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
  51. aio threads;
  52. # tls dynamic records patch directive
  53. ssl_dyn_rec_enable on;
  54. ssl_dyn_rec_size_hi 4229;
  55. ssl_dyn_rec_size_lo 1369;
  56. ssl_dyn_rec_threshold 40;
  57. ssl_dyn_rec_timeout 1000;
  58. # nginx-vts-status module
  59. vhost_traffic_status_zone;
  60. # oscp settings
  61. resolver 8.8.8.8 1.1.1.1 valid=300s;
  62. resolver_timeout 10;
  63. ##
  64. # GeoIP module configuration, before removing comments
  65. # read the tutorial : https://gist.github.com/VirtuBox/9ed03c9bd9169202c358a8be181b7840
  66. ##
  67. #geoip_country /usr/share/GeoIP/GeoIP.dat;
  68. #geoip_city /usr/share/GeoIP/GeoIPCity.dat;
  69. ##
  70. # SSL Settings
  71. ##
  72. # SSL Early Data
  73. ssl_early_data off;
  74. ssl_protocols TLSv1.2 TLSv1.3;
  75. ssl_ciphers 'TLS13+AESGCM+AES128:EECDH+AES128';
  76. ssl_prefer_server_ciphers on;
  77. ssl_session_cache shared:SSL:50m;
  78. ssl_session_timeout 1d;
  79. ssl_session_tickets off;
  80. ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
  81. # Common security headers
  82. more_set_headers "X-Frame-Options : SAMEORIGIN";
  83. more_set_headers "X-Xss-Protection : 1; mode=block";
  84. more_set_headers "X-Content-Type-Options : nosniff";
  85. more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
  86. more_set_headers "X-Download-Options : noopen;";
  87. ##
  88. # Basic Settings
  89. ##
  90. # server_names_hash_bucket_size 64;
  91. # server_name_in_redirect off;
  92. include /etc/nginx/mime.types;
  93. default_type application/octet-stream;
  94. ##
  95. # Logging Settings
  96. ##
  97. # disable access_log for performance
  98. access_log off;
  99. error_log /var/log/nginx/error.log;
  100. # Log format Settings - user IP hashed with the module ipscrub
  101. log_format rt_cache '$remote_addr_ipscrub $upstream_response_time $upstream_cache_status [$time_local] '
  102. '$http_host "$request" $status $body_bytes_sent '
  103. '"$http_referer" "$http_user_agent" $server_protocol';
  104. # ipscrub settings
  105. ipscrub_period_seconds 3600;
  106. ##
  107. # Gzip Settings
  108. ##
  109. gzip on;
  110. gzip_disable "msie6";
  111. gzip_vary on;
  112. gzip_proxied any;
  113. gzip_comp_level 6;
  114. gzip_buffers 16 8k;
  115. gzip_http_version 1.1;
  116. gzip_types
  117. application/atom+xml
  118. application/javascript
  119. application/json
  120. application/rss+xml
  121. application/vnd.ms-fontobject
  122. application/x-font-ttf
  123. application/x-web-app-manifest+json
  124. application/xhtml+xml
  125. application/xml
  126. font/opentype
  127. image/svg+xml
  128. image/x-icon
  129. text/css
  130. text/plain
  131. text/x-component
  132. text/xml
  133. text/javascript;
  134. ##
  135. # Brotli Settings
  136. ##
  137. brotli on;
  138. brotli_static on;
  139. brotli_buffers 16 8k;
  140. brotli_comp_level 4;
  141. brotli_types *;
  142. ##
  143. # Virtual Host Configs
  144. ##
  145. include /etc/nginx/conf.d/*.conf;
  146. include /etc/nginx/sites-enabled/*;
  147. }
  148. #mail {
  149. # # See sample authentication script at:
  150. # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
  151. #
  152. # # auth_http localhost/auth.php;
  153. # # pop3_capabilities "TOP" "USER";
  154. # # imap_capabilities "IMAP4rev1" "UIDPLUS";
  155. #
  156. # server {
  157. # listen localhost:110;
  158. # protocol pop3;
  159. # proxy on;
  160. # }
  161. #
  162. # server {
  163. # listen localhost:143;
  164. # protocol imap;
  165. # proxy on;
  166. # }
  167. #}