centminmod/nginx.conf Secret

## nginx.conf
user              nginx nginx;
worker_processes 4;
worker_priority -10;

worker_rlimit_nofile 260000;
timer_resolution 100ms;

pcre_jit on;
include /usr/local/nginx/conf/dynamic-modules.conf;


pid         logs/nginx.pid;

events {
    worker_connections  50000;
    accept_mutex off;
    accept_mutex_delay 200ms;
    use epoll;
    #multi_accept on;
}

http {
 map_hash_bucket_size 128;
 map_hash_max_size 4096;
 server_names_hash_bucket_size 128;
 server_names_hash_max_size 2048;
 variables_hash_max_size 2048;

limit_req_zone $binary_remote_addr zone=xwplogin:16m rate=40r/m;
#limit_conn_zone $binary_remote_addr zone=xwpconlimit:16m;

# sets Centmin Mod headers via headers more nginx module
# https://github.com/openresty/headers-more-nginx-module
# don't remove the first 2 lines as centmin mod checks to see if they're
# missing and re-adds them anyway. Just uncomment the 3rd & 4th lines
# which is used to override the Server header to what you want = nginx
# and remove the X-Powered-By header + restart nginx service
# do not disable headers more nginx module itself as it's required for
# other centmin mod features like redis nginx level caching & letsencrypt
# integration in vhosts created by addons/acmetool.sh
more_set_headers "Server: nginx centminmod";
more_set_headers "X-Powered-By: centminmod";
#more_set_headers "Server: nginx";
#more_clear_headers "X-Powered-By";

# uncomment cloudflare.conf include if using cloudflare for
# server and/or vhost site + setup cron job for command
# /usr/local/src/centminmod/tools/csfcf.sh auto
# run the auto command once to populate cloudflare ips
#include /usr/local/nginx/conf/cloudflare.conf;
# uncomment incapsula.conf include if using incapsula for
# server and/or vhost site + setup cron job for command
# /usr/local/src/centminmod/tools/csfincapsula.sh auto
# run the auto command once to popular incapsula ips
#include /usr/local/nginx/conf/incapsula.conf;
include /usr/local/nginx/conf/maintenance.conf;
#include /usr/local/nginx/conf/vts_http.conf;
include /usr/local/nginx/conf/geoip.conf;
include /usr/local/nginx/conf/webp.conf;
#include /usr/local/nginx/conf/pagespeedadmin.conf;
include /usr/local/nginx/conf/fastcgi_param_https_map.conf;

log_format  main  '$remote_addr - $remote_user [$time_local] $request '
                '"$status" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                ' "$connection" "$connection_requests" "$request_time"';

log_format  ddos-proxy '$remote_addr for $http_x_real_ip - $remote_user [$time_local] $request '
                '"$status" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
                ' "$connection" "$connection_requests" "$request_time"';

log_format  main_ext '$remote_addr - $remote_user [$time_local] "$request" '
                         '$status $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for" '
                         'rt=$request_time ua="$upstream_addr" '
                         'us="$upstream_status" ut="$upstream_response_time" '
                         'ul="$upstream_response_length" '
                         'cs=$upstream_cache_status' ;

access_log  off;
error_log   logs/error.log warn;

    index  index.php index.html index.htm;
    include       mime.types;
    default_type  application/octet-stream;
    charset utf-8;

        sendfile on;
        sendfile_max_chunk 512k;
        tcp_nopush  on;
        tcp_nodelay on;
        server_tokens off;
        server_name_in_redirect off;

        keepalive_timeout  5;
        keepalive_requests 500;
        lingering_time 20s;
        lingering_timeout 5s;
        keepalive_disable msie6;

        gzip on;
        gzip_vary   on;
        gzip_disable "MSIE [1-6]\.";
        gzip_static on;
        gzip_min_length   1400;
        gzip_buffers      32 8k;
        gzip_http_version 1.0;
        gzip_comp_level 5;
        gzip_proxied    any;
        gzip_types text/plain text/css text/xml application/javascript application/x-javascript application/xml application/xml+rss application/ecmascript application/json image/svg+xml;

 client_body_buffer_size 256k;
 client_body_in_file_only off;
 client_body_timeout 60s;
 client_header_buffer_size 64k;
## how long a connection has to complete sending
## it's headers for request to be processed
 client_header_timeout  10s;
 client_max_body_size 1024m;
 connection_pool_size  512;
 directio  4m;
 directio_alignment 512;
 ignore_invalid_headers on;
 large_client_header_buffers 8 64k;
 output_buffers   1 512k;
 postpone_output  1460;
 proxy_temp_path  /tmp/nginx_proxy/;
 request_pool_size  32k;
 reset_timedout_connection on;
 send_timeout     60s;
 types_hash_max_size 2048;

# for nginx proxy backends to prevent redirects to backend port
# port_in_redirect off;

open_file_cache max=50000 inactive=60s;
open_file_cache_valid 120s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
open_log_file_cache max=10000 inactive=30s min_uses=2;

## limit number of concurrency connections per ip to 16
## add to your server {} section the next line
## limit_conn limit_per_ip 16;
## uncomment below line allows 500K sessions
# limit_conn_log_level error;
#######################################
# use limit_zone for Nginx <v1.1.7 and lower
# limit_zone $binary_remote_addr zone=limit_per_ip:16m;
#######################################
# use limit_conn_zone for Nginx >v1.1.8 and higher
# limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
#######################################

 include /usr/local/nginx/conf/conf.d/*.conf;
}
	user nginx nginx;
	worker_processes 4;
	worker_priority -10;

	worker_rlimit_nofile 260000;
	timer_resolution 100ms;

	pcre_jit on;
	include /usr/local/nginx/conf/dynamic-modules.conf;


	pid logs/nginx.pid;

	events {
	worker_connections 50000;
	accept_mutex off;
	accept_mutex_delay 200ms;
	use epoll;
	#multi_accept on;
	}

	http {
	map_hash_bucket_size 128;
	map_hash_max_size 4096;
	server_names_hash_bucket_size 128;
	server_names_hash_max_size 2048;
	variables_hash_max_size 2048;

	limit_req_zone $binary_remote_addr zone=xwplogin:16m rate=40r/m;
	#limit_conn_zone $binary_remote_addr zone=xwpconlimit:16m;

	# sets Centmin Mod headers via headers more nginx module
	# https://github.com/openresty/headers-more-nginx-module
	# don't remove the first 2 lines as centmin mod checks to see if they're
	# missing and re-adds them anyway. Just uncomment the 3rd & 4th lines
	# which is used to override the Server header to what you want = nginx
	# and remove the X-Powered-By header + restart nginx service
	# do not disable headers more nginx module itself as it's required for
	# other centmin mod features like redis nginx level caching & letsencrypt
	# integration in vhosts created by addons/acmetool.sh
	more_set_headers "Server: nginx centminmod";
	more_set_headers "X-Powered-By: centminmod";
	#more_set_headers "Server: nginx";
	#more_clear_headers "X-Powered-By";

	# uncomment cloudflare.conf include if using cloudflare for
	# server and/or vhost site + setup cron job for command
	# /usr/local/src/centminmod/tools/csfcf.sh auto
	# run the auto command once to populate cloudflare ips
	#include /usr/local/nginx/conf/cloudflare.conf;
	# uncomment incapsula.conf include if using incapsula for
	# server and/or vhost site + setup cron job for command
	# /usr/local/src/centminmod/tools/csfincapsula.sh auto
	# run the auto command once to popular incapsula ips
	#include /usr/local/nginx/conf/incapsula.conf;
	include /usr/local/nginx/conf/maintenance.conf;
	#include /usr/local/nginx/conf/vts_http.conf;
	include /usr/local/nginx/conf/geoip.conf;
	include /usr/local/nginx/conf/webp.conf;
	#include /usr/local/nginx/conf/pagespeedadmin.conf;
	include /usr/local/nginx/conf/fastcgi_param_https_map.conf;

	log_format main '$remote_addr - $remote_user [$time_local] $request '
	'"$status" $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
	' "$connection" "$connection_requests" "$request_time"';

	log_format ddos-proxy '$remote_addr for $http_x_real_ip - $remote_user [$time_local] $request '
	'"$status" $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"'
	' "$connection" "$connection_requests" "$request_time"';

	log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for" '
	'rt=$request_time ua="$upstream_addr" '
	'us="$upstream_status" ut="$upstream_response_time" '
	'ul="$upstream_response_length" '
	'cs=$upstream_cache_status' ;

	access_log off;
	error_log logs/error.log warn;

	index index.php index.html index.htm;
	include mime.types;
	default_type application/octet-stream;
	charset utf-8;

	sendfile on;
	sendfile_max_chunk 512k;
	tcp_nopush on;
	tcp_nodelay on;
	server_tokens off;
	server_name_in_redirect off;

	keepalive_timeout 5;
	keepalive_requests 500;
	lingering_time 20s;
	lingering_timeout 5s;
	keepalive_disable msie6;

	gzip on;
	gzip_vary on;
	gzip_disable "MSIE [1-6]\.";
	gzip_static on;
	gzip_min_length 1400;
	gzip_buffers 32 8k;
	gzip_http_version 1.0;
	gzip_comp_level 5;
	gzip_proxied any;
	gzip_types text/plain text/css text/xml application/javascript application/x-javascript application/xml application/xml+rss application/ecmascript application/json image/svg+xml;

	client_body_buffer_size 256k;
	client_body_in_file_only off;
	client_body_timeout 60s;
	client_header_buffer_size 64k;
	## how long a connection has to complete sending
	## it's headers for request to be processed
	client_header_timeout 10s;
	client_max_body_size 1024m;
	connection_pool_size 512;
	directio 4m;
	directio_alignment 512;
	ignore_invalid_headers on;
	large_client_header_buffers 8 64k;
	output_buffers 1 512k;
	postpone_output 1460;
	proxy_temp_path /tmp/nginx_proxy/;
	request_pool_size 32k;
	reset_timedout_connection on;
	send_timeout 60s;
	types_hash_max_size 2048;

	# for nginx proxy backends to prevent redirects to backend port
	# port_in_redirect off;

	open_file_cache max=50000 inactive=60s;
	open_file_cache_valid 120s;
	open_file_cache_min_uses 2;
	open_file_cache_errors off;
	open_log_file_cache max=10000 inactive=30s min_uses=2;

	## limit number of concurrency connections per ip to 16
	## add to your server {} section the next line
	## limit_conn limit_per_ip 16;
	## uncomment below line allows 500K sessions
	# limit_conn_log_level error;
	#######################################
	# use limit_zone for Nginx <v1.1.7 and lower
	# limit_zone $binary_remote_addr zone=limit_per_ip:16m;
	#######################################
	# use limit_conn_zone for Nginx >v1.1.8 and higher
	# limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
	#######################################

	include /usr/local/nginx/conf/conf.d/*.conf;
	}