nlenkowski/nginx.conf

## nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
	worker_connections 1024;
	multi_accept on;
}

http {

	# HTTP
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;

	# MIME Types
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# Limits & Timeouts
	keepalive_timeout 15;
	send_timeout 30;
	client_body_timeout 30;
	client_header_timeout 30;
	client_max_body_size 64m;

	# Logs
	error_log /var/log/nginx/error.log warn;
	access_log /var/log/nginx/access.log;

	# Gzip
	gzip on;
	gzip_disable "msie6";
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 5;
	gzip_http_version 1.1;
	gzip_min_length 256;
	gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

	# SSL
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 1h;
	add_header Strict-Transport-Security "max-age=31536000";

	# Security
	server_tokens off;
	add_header X-Frame-Options "SAMEORIGIN" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-Xss-Protection "1; mode=block" always;

	# Modules
	include /etc/nginx/conf.d/*.conf;

	# Sites
	include /etc/nginx/sites-enabled/*;

	# Default Server
	server {
		listen 80 default_server;
		listen [::]:80 default_server;
		server_name _;
		return 444;
	}
}
	user www-data;
	worker_processes auto;
	pid /run/nginx.pid;

	events {
	worker_connections 1024;
	multi_accept on;
	}

	http {

	# HTTP
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;

	# MIME Types
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# Limits & Timeouts
	keepalive_timeout 15;
	send_timeout 30;
	client_body_timeout 30;
	client_header_timeout 30;
	client_max_body_size 64m;

	# Logs
	error_log /var/log/nginx/error.log warn;
	access_log /var/log/nginx/access.log;

	# Gzip
	gzip on;
	gzip_disable "msie6";
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 5;
	gzip_http_version 1.1;
	gzip_min_length 256;
	gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

	# SSL
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 1h;
	add_header Strict-Transport-Security "max-age=31536000";

	# Security
	server_tokens off;
	add_header X-Frame-Options "SAMEORIGIN" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-Xss-Protection "1; mode=block" always;

	# Modules
	include /etc/nginx/conf.d/*.conf;

	# Sites
	include /etc/nginx/sites-enabled/*;

	# Default Server
	server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 444;
	}
	}