@VirtuBox
Created April 19, 2024 07:35
optimized nginx.conf
# Worker processes run with the credentials of this account.
user www-data;
# The special value auto allows binding worker processes automatically to available CPUs:
worker_processes auto;
worker_cpu_affinity auto;
# Changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes.
# NOTE(review): keep this at or above worker_connections (50000 in the events block); a proxied
# request holds a client-side and an upstream-side descriptor at the same time.
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
# PCRE JIT can speed up processing of regular expressions significantly.
# NOTE(review): JIT needs memory that is both writable and executable; on hosts that enforce W^X
# (for example SELinux execmem denials) confirm this setting is compatible with the policy.
pcre_jit on;
events {
# Let a worker accept all pending new connections at once instead of one at a time.
multi_accept on;
# Raise the maximum number of simultaneous connections per worker process.
worker_connections 50000;
# Workers take turns accepting new connections, which avoids wasting resources.
accept_mutex on;
# Use epoll as the connection processing method (a modern method, Linux kernel 2.6+).
use epoll;
}
http {
# Idle keep-alive connections are closed after 8 seconds.
keepalive_timeout 8;
# Nginx AIO : See - https://www.nginx.com/blog/thread-pools-boost-performance-9x/
# http://nginx.org/en/docs/http/ngx_http_core_module.html#aio
aio threads;
# Do not emit the nginx version on error pages and in the Server response header.
server_tokens off;
# This helps avoid keeping an already closed socket with filled buffers in a FIN_WAIT1 state for a long time.
reset_timedout_connection on;
# Proxy Settings
# NOTE(review): if these two lines are enabled, set_real_ip_from must list only proxies you control.
# X-Forwarded-For from any other peer is client-supplied, so a wider trust range lets a client
# choose the address that ends up in logs and address-based access rules.
# set_real_ip_from proxy-server-ip;
# real_ip_header X-Forwarded-For;
# A FastCGI backend may stay silent for up to 300 seconds between reads before the request fails.
fastcgi_read_timeout 300;
# Request bodies up to 100 MB are accepted.
client_max_body_size 100m;
# Enables the use of the O_DIRECT flag for files of 4 MB and larger; it can be useful for serving large files
directio 4m;
directio_alignment 512;
# Up to 8 buffers of 64k each may be allocated to read oversized request headers.
# NOTE(review): that is up to 512k of client-controlled memory per connection, multiplied by a
# worker_connections ceiling of 50000. The nginx default is 4 8k; confirm 64k is really needed.
large_client_header_buffers 8 64k;
# If possible, the transmission of client data will be postponed until nginx has at least size bytes of data to send
postpone_output 1460;
# Buffers for reading a response from a proxied server: 8 buffers of 32k per connection,
# plus a 64k buffer for the first part of the response (the upstream headers).
proxy_buffers 8 32k;
proxy_buffer_size 64k;
# Serve files with sendfile(), at most 512k per call; without a limit one fast connection
# may seize the worker process entirely.
sendfile on;
sendfile_max_chunk 512k;
# sending the response header and the beginning of a file in one packet, on Linux
# (only takes effect when sendfile is used)
tcp_nopush on;
# The option is enabled when a connection is transitioned into the keep-alive state
tcp_nodelay on;
# Closing connections periodically is necessary to free per-connection memory allocations
keepalive_requests 500;
keepalive_disable msie6;
# specifies the maximum time during which nginx will process (read and ignore) additional data coming from a client. After that, the connection will be closed
lingering_time 20s;
lingering_timeout 5s;
# Configures a cache that can store open file descriptors, information on existence of directories and file lookup errors
# (caching of lookup errors is switched off below)
open_file_cache max=50000 inactive=60s;
open_file_cache_errors off;
open_file_cache_min_uses 2;
open_file_cache_valid 120s;
open_log_file_cache max=10000 inactive=30s min_uses=2;
##
# SSL Settings
##
# Enable 0-RTT support for TLS 1.3
# NOTE(review): requests sent as early data are not protected against replay. The Early-Data
# header set here only reaches proxy_pass upstreams; FastCGI backends need an equivalent
# fastcgi_param, and any server/location that defines its own proxy_set_header stops inheriting
# this one. Confirm every backend refuses non-idempotent requests flagged as early data
# (HTTP 425 Too Early), otherwise turn ssl_early_data off.
proxy_set_header Early-Data $ssl_early_data;
ssl_early_data on;
# Sessions can be resumed for up to one day from a 50 MB cache shared between workers.
# Session tickets are off, so resumption relies on this server-side cache only.
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
# TLSv1.2 is limited to ECDHE key exchange with AES-GCM or ChaCha20 ciphers.
# NOTE(review): the TLS13+... names look like aliases from a patched TLS library rather than
# stock OpenSSL cipher strings; confirm the linked library understands them (openssl ciphers -v).
ssl_ciphers 'TLS13+AESGCM+AES256:TLS13+AESGCM+AES128:TLS13+CHACHA20:EECDH+AESGCM:EECDH+CHACHA20';
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:P-521:P-384:P-256;
# Common security headers
# Requires the headers-more module (more_set_headers); nginx rejects the configuration without it.
# NOTE(review): the module's documentation writes headers as "Name: value" with no space before
# the colon; check with curl -I that these three are emitted under the intended names.
# No Strict-Transport-Security or Content-Security-Policy is set at this level; confirm the
# included vhost files add them where wanted.
more_set_headers "X-Frame-Options : SAMEORIGIN";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "Referrer-Policy : strict-origin-when-cross-origin";
# OCSP settings
# NOTE(review): nginx's resolver speaks plain DNS, and its documentation recommends resolvers on
# a trusted local network to prevent spoofing. These are public resolvers; confirm that is acceptable.
resolver 8.8.8.8 1.1.1.1 8.8.4.4 1.0.0.1 valid=300s;
# A bare number is read as seconds.
resolver_timeout 10;
# NOTE(review): ssl_stapling_verify is not set in this file, so nginx does not verify the OCSP
# responses it staples unless a vhost enables it (together with ssl_trusted_certificate).
ssl_stapling on;
##
# Basic Settings
##
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
# NOTE(review): access logging is off at this level, so unless a vhost sets its own access_log
# there is no request trail for detection or incident response. The rt_cache format below is
# only defined here, not used by any access_log in this file.
access_log off;
error_log /var/log/nginx/error.log;
# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$server_protocol"';
##
# Virtual Host Configs
##
# Both globs are loaded into the http context; the second one matches every file in
# sites-enabled whatever its extension, so keep both directories writable by root only.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}