Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
NGINX application router
# Borrowed some configuration from
# Default: nobody nobody
user nginx;
# Sets the worker threads to the number of CPU cores available in the system for best performance.
# Should be > the number of CPU cores.
# Maximum number of connections = worker_processes * worker_connections
# Default: 1
worker_processes auto;
# Log errors and warnings to standard output
# This is only used when you don't override it on a server{} level
# Default: logs/error.log error
error_log /dev/stdout info;
# The file storing the process ID of the main process
# Default:
pid /var/run/;
events {
# If you need more connections than this, you start optimizing your OS.
# That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests.
# Should be < worker_rlimit_nofile.
# Default: 512
worker_connections 8000;
http {
# Hide nginx version information.
# Default: on
server_tokens off;
# Specify MIME types for files.
include /etc/nginx/mime.types;
# Default: text/plain
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Log access.
# This is only used when you don't override it on a server{} level
# Default: logs/access.log combined
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
# Speed up file transfers by using sendfile() to copy directly
# between descriptors rather than using read()/write().
# For performance reasons, on FreeBSD systems w/ ZFS
# this option should be disabled as ZFS's ARC caches
# frequently used files in RAM by default.
# Default: off
sendfile on;
# How long to allow each connection to stay idle.
# Longer values are better for each individual client, particularly for SSL,
# but means that worker connections are tied up longer.
# Default: 75s
keepalive_timeout 20s;
# Enable gzip compression.
# Default: off
gzip on;
# Compression level (1-9).
# 5 is a perfect compromise between size and CPU usage, offering about
# 75% reduction for most ASCII files (almost identical to level 9).
# Default: 1
gzip_comp_level 5;
# Don't compress anything that's already small and unlikely to shrink much
# if at all (the default is 20 bytes, which is bad as that usually leads to
# larger files after gzipping).
# Default: 20
gzip_min_length 256;
# Compress data even for clients that are connecting to us via proxies,
# identified by the "Via" header (required for CloudFront).
# Default: off
gzip_proxied any;
# Tell proxies to cache both the gzipped and regular version of a resource
# whenever the client's Accept-Encoding capabilities header varies;
# Avoids the issue where a non-gzip capable client (which is extremely rare
# today) would display gibberish if their proxy gave them the gzipped version.
# Default: off
gzip_vary on;
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
# Enable server-side protection against BEAST attacks
ssl_prefer_server_ciphers on;
# Disable SSLv3
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Redirect all HTTP traffic to HTTPS
server {
listen 80;
return 301 https://$host$request_uri;
server {
listen 443 ssl;
location / {
server {
listen 443 ssl;
location / {
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment