Main Nginx conf

nginx.conf

user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log warn;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

events
{
  use epoll;
  worker_connections 51200;
  multi_accept on;
}

http
{
  include mime.types;
  #include luawaf.conf;

  include proxy.conf;
  log_format main_ext '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for" '
  '"$host" sn="$server_name" '
  'rt=$request_time '
  'ua="$upstream_addr" us="$upstream_status" '
  'ut="$upstream_response_time" ul="$upstream_response_length" '
  'cs=$upstream_cache_status' ;

  default_type application/octet-stream;

  server_names_hash_bucket_size 512;
  client_header_buffer_size 64k;
  large_client_header_buffers 4 32k;
  client_max_body_size 256m;

  sendfile on;
  tcp_nopush on;

  keepalive_timeout 120;

  tcp_nodelay on;
  
  # Enable it
  pagespeed on;

  pagespeed FileCachePath "/mnt/ram/pagespeed/";
  pagespeed EnableCachePurge on;
  pagespeed FileCacheSizeKb            102400;
  pagespeed FileCacheCleanIntervalMs   3600000;
  pagespeed FileCacheInodeLimit        500000;
  
  # Default 所有 resource link 的 Relativity link 都會轉成 absolute URLs
  # Original URL:     foo/bar.png
  # Rewritten URL:    foo/bar.png.pagespeed.ic.Hash.png
  pagespeed PreserveUrlRelativity on;
  # Lower-casing HTML element and attribute names
  pagespeed LowercaseHtmlNames on;
  # Filter settings

  # 為了簡化 pagespeed 的 Setting 而設
  # Setting 分別有 PassThrough, CoreFilters(default), and OptimizeForBandwidth
  pagespeed RewriteLevel CoreFilters;

  # Filters enabled outside of CoreFilters
  pagespeed EnableFilters prioritize_critical_css;
  pagespeed EnableFilters defer_javascript;
  pagespeed EnableFilters sprite_images;
  pagespeed EnableFilters rewrite_images;
  pagespeed EnableFilters recompress_png;
  pagespeed EnableFilters convert_png_to_jpeg,convert_jpeg_to_webp;
  pagespeed EnableFilters responsive_images,resize_images;
  pagespeed EnableFilters collapse_whitespace,remove_comments;

  # pagespeed DisableFilters filtera,filterb;

  # CSS and Image rewrites are randomly dropped => To reduce processing load
  pagespeed RewriteRandomDropPercentage 1;

  # The beacon is a POST request sent back by JavaScript inserted into the page by the filter.
  # Beacon to collect information about the rewritten page so as to optimize the rewriting process.
  pagespeed CriticalImagesBeaconEnabled true;
  
  pagespeed Domain http*://uhl.site;
  pagespeed LoadFromFile "https://uhl.site" "/www/wwwroot/uhl.site";
  pagespeed MapOriginDomain "http://uhl.site" "https://uhl.site";
  pagespeed LazyloadImagesBlankUrl "https://www.gstatic.com/psa/static/1.gif";
  
  pagespeed SslCertDirectory /etc/pki/tls/certs;
  pagespeed SslCertFile file;
  
  pagespeed EnableFilters lazyload_images;
  pagespeed EnableFilters insert_dns_prefetch;
  pagespeed EnableFilters in_place_optimize_for_browser;
  pagespeed Allow wildcard_spec;
  pagespeed AllowVaryOn "Auto";
  pagespeed ModPagespeedRespectXForwardedProto on;
  pagespeed ModPagespeedFetchHttps enable;
  
  pagespeed PrivateNotVaryForIE off;
  
  pagespeed MemcachedServers "127.0.0.1:11211";
  pagespeed MemcachedTimeoutUs 1000000;
  pagespeed MaxSegmentLength 250;
  pagespeed HttpCacheCompressionLevel 0;
  
  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 256k;
  fastcgi_intercept_errors on;

  gzip on;
  gzip_min_length 1k;
  gzip_buffers 4 16k;
  gzip_http_version 1.1;
  gzip_comp_level 8;

  gzip_types
  text/plain
  text/css
  text/xml
  text/javascript
  image/svg+xml
  application/json
  application/javascript
  application/xml
  application/atom+xml
  application/xml+rss
  font/opentype
  font/otf
  font/ttf;

  gzip_vary on;
  gzip_proxied expired no-cache no-store private auth;
  gzip_disable "MSIE [1-6]\.";

  # turn on brotli compression
  brotli on;
  # based on research at Akamai: https://blogs.akamai.com/2016/02/understanding-brotlis-potential.html
  brotli_comp_level 8;
  # enable static file serving, whevere available
  brotli_static on;
  
  brotli_types
  text/plain
  text/css
  text/xml
  text/javascript
  image/svg+xml
  application/json
  application/javascript
  application/xml
  application/atom+xml
  application/xml+rss
  font/opentype
  font/otf
  font/ttf;

  limit_conn_zone $binary_remote_addr zone=perip:10m;
  limit_conn_zone $server_name zone=perserver:10m;

  server_tokens off;
  access_log off;

  server
  {
    listen 888;
    server_name _phpmyadmin;
    index index.html index.htm index.php;
    root /www/server/phpmyadmin;
            location ~ /tmp/ {
                return 403;
            }
    #SSL-START SSL相关配置，请勿删除或修改下一行带注释的404规则
    #error_page 404/404.html;
    ssl_certificate /www/server/panel/ssl/certificate.pem;
    ssl_certificate_key /www/server/panel/ssl/privateKey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    error_page 497 https://$host$request_uri;
    #SSL-END

    #error_page   404   /404.html;
    include enable-php.conf;

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
      expires 30d;
    }

    location ~ .*\.(js|css)?$
    {
      expires 12h;
    }

    location ~ /\.
    {
      deny all;
    }

    access_log /www/wwwlogs/access.log main_ext;
  }
  include /www/server/panel/vhost/nginx/*.conf;
}