-
-
Save valeriansaliou/d641eb8be465e4bf666e to your computer and use it in GitHub Desktop.
Jappix.com - NGINX global configuration file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # @server jappix | |
| # @desc nginx configuration file | |
| # @author Valerian Saliou <valerian@valeriansaliou.name> | |
| ## | |
| user www-data; | |
| worker_processes 2; | |
| worker_rlimit_nofile 21000; | |
| pid /var/run/nginx.pid; | |
| events { | |
| use epoll; | |
| worker_connections 20000; | |
| multi_accept on; | |
| } | |
| http { | |
| ## | |
| # Basic Settings | |
| ## | |
| keepalive_timeout 30; | |
| types_hash_max_size 2048; | |
| index index.html index.htm index.php; | |
| include /etc/nginx/mime.types; | |
| default_type application/octet-stream; | |
| ## | |
| # Safety Settings | |
| ## | |
| server_tokens off; | |
| disable_symlinks if_not_owner; | |
| add_header X-Frame-Options SAMEORIGIN; | |
| add_header X-Content-Type-Options nosniff; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| ## | |
| # Performance Settings | |
| ## | |
| sendfile on; | |
| tcp_nopush on; | |
| tcp_nodelay on; | |
| open_file_cache max=50000 inactive=20s; | |
| open_file_cache_valid 30s; | |
| open_file_cache_min_uses 2; | |
| open_file_cache_errors on; | |
| reset_timedout_connection on; | |
| client_body_timeout 10; | |
| client_max_body_size 32m; | |
| send_timeout 2; | |
| ## | |
| # DDoS Protection Settings | |
| ## | |
| client_body_buffer_size 128k; | |
| large_client_header_buffers 4 256k; | |
| limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; | |
| limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s; | |
| limit_conn conn_limit_per_ip 20; | |
| limit_req zone=req_limit_per_ip burst=20; | |
| ## | |
| # Logging Settings | |
| ## | |
| log_format extended '$remote_addr - $remote_user [$time_local] ' | |
| '"$request" $status $bytes_sent ' | |
| '"$http_referer" "$http_user_agent"'; | |
| access_log /var/log/nginx/default/access.log.gz extended gzip=6 buffer=64k; | |
| error_log /var/log/nginx/default/error.log crit; | |
| ## | |
| # Gzip Settings | |
| ## | |
| gzip on; | |
| gzip_disable "MSIE [1-6]\."; | |
| gzip_vary on; | |
| gzip_proxied any; | |
| gzip_types text/plain application/javascript application/x-javascript application/json text/css image/svg+xml; | |
| ## | |
| # SSL Settings | |
| ## | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4'; | |
| ssl_prefer_server_ciphers on; | |
| ssl_session_cache shared:SSL:50m; | |
| ssl_session_timeout 5m; | |
| ssl_certificate /[OBFUSCATED]/jappix.com.bundle.pem; | |
| ssl_certificate_key /[OBFUSCATED]/jappix.com.key; | |
| ssl_dhparam /[OBFUSCATED]/dhparam.pem; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| ssl_trusted_certificate /[OBFUSCATED]/ca.all.pem; | |
| ## | |
| # Connection Settings | |
| ## | |
| map $http_upgrade $connection_upgrade { | |
| default upgrade; | |
| '' close; | |
| } | |
| ## | |
| # Virtual Host Configs | |
| ## | |
| include /etc/nginx/conf.d/*.conf; | |
| include /etc/nginx/sites-available/*; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment