Skip to content

Instantly share code, notes, and snippets.

@david-littlefield

david-littlefield/nginx.conf Secret

Last active November 29, 2021 01:39
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save david-littlefield/55c3be458c26877fc273a57ffd069c90 to your computer and use it in GitHub Desktop.
Save david-littlefield/55c3be458c26877fc273a57ffd069c90 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
nginx.conf
# loads image filter module
load_module modules/ngx_http_image_filter_module.so;
# sets user to default user for web server
user www-data;
# sets number of cpu cores to use
worker_processes auto;
# customizes how to handle connections
events {
# sets number of connections to use per cpu core
worker_connections 1024;
# uses efficient connection processing method
use epoll;
# sets worker processes to accept all connections
multi_accept on;
}
# customizes how to handle http and https connections
http {
sendfile on;
tcp_nodelay on;
tcp_nopush off;
aio on;
# enables gzip compression
gzip on;
gzip_static on;
# customizes gzip compression
gzip_proxied any;
gzip_comp_level 4;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml
image/jpeg
image/webp
image/png;
# customizes how to store image cache
proxy_cache_path /var/www/resize_cache levels=1:2 keys_zone=resize_cache:10m max_size=256m inactive=1M use_temp_path=off;
# sets format to name and hash cache files
proxy_cache_key $scheme$request_method$host$request_uri;
# customizes how to store fastcgi cache
fastcgi_cache_path /var/www/fastcgi_cache levels=1:2 keys_zone=fastcgi_cache:10m max_size=256m inactive=1M use_temp_path=off;
# sets format to name and hash cache files
fastcgi_cache_key $scheme$request_method$host$request_uri;
server {
listen 80;
server_name _;
location ^~ /.well-known/acme-challenge/ {
root /var/www/html;
}
return 301 https://server-3.squidproquo.io;
}
#customizes how to handle insecure connections
server {
# sets port for web server
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/server-3.squidproquo.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/server-3.squidproquo.io/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/server-3.squidproquo.io/chain.pem;
# sets ssl validation method to faster protocol
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_session_cache shared:ssl_cache:20m;
ssl_session_timeout 1d;
# sets server name to anonymous
server_name _;
root /var/www/html;
# sets files to load in root directory
index index.php index.html index.htm;
# customizes how to handle php files
location ~ \.php$ {
# loads files with initial http request
http2_push /index.php;
http2_push /assets/css/bootstrap.css;
http2_push /assets/css/style.css;
http2_push /media/555/1.webp;
http2_push /media/555/2.webp;
http2_push /media/555/3.webp;
http2_push /media/555/4.webp;
http2_push /media/555/5.webp;
http2_push /media/555/6.webp;
# enables php-fpm-socket to process php files
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# loads files in specified sequence
try_files $uri $uri/ =404;
# customizes fastcgi-php
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# customizes how to cache files on server
fastcgi_cache fastcgi_cache;
fastcgi_cache_valid any 1M;
fastcgi_cache_lock on;
fastcgi_cache_use_stale updating;
fastcgi_cache_background_update on;
fastcgi_buffers 8 8k;
}
# customizes how to handle website traffic for specified file extensions
location ~* \.(ico|css|js|jpeg|jpg|png|gif) {
# customizes how to cache files in browser
add_header cache-control public;
add_header pragma public;
add_header vary accept-encoding;
expires 1M;
}
# customizes how to handle website traffic for specified path
location ~ ^/media/(?<width>\d+)/(?<image>.+)$ {
# sends website traffic to server path
proxy_pass http://127.0.0.1:9000/media/$width/$image;
# customizes how to cache resized images on server
proxy_cache resize_cache;
proxy_cache_valid 200 1M;
proxy_cache_lock on;
proxy_cache_use_stale updating;
proxy_cache_background_update on;
proxy_buffers 8 8k;
# customizes how to cache files in browser
add_header cache-control public;
add_header pragma public;
add_header vary accept-encoding;
expires 1M;
}
}
# custoizes how to handle server traffic
server {
# sets port for server
listen 9000;
# customizes how to handle server traffic for specified path
location ~ ^/media/(?<width>\d+)/(?<image>.+)$ {
# customizes how to resize image
image_filter resize $width -;
image_filter_webp_quality 75;
image_filter_buffer 8M;
# sets absolute path to image
alias /var/www/html/assets/images/$image;
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment