-
Notifications
You must be signed in to change notification settings - Fork 5
/
nginx.conf
157 lines (126 loc) · 5.42 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
###_ IMPLEMENT
###_ 1. Enable clickjacking protection. Disabled by default.
# nginx.conf
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096;
## Accept as many connections as possible.
multi_accept on;
}
http {
## MIME types.
include mime.types;
default_type application/octet-stream;
## FastCGI.
include fastcgi.conf;
## Default log and error files.
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
## Use sendfile() syscall to speed up I/O operations and speed up
## static file serving.
sendfile on;
## Handling of IPs in proxied and load balancing situations.
set_real_ip_from 0.0.0.0/32; # all addresses get a real IP.
real_ip_header X-Forwarded-For; # the ip is forwarded from the load balancer/proxy
## Define a zone for limiting the number of simultaneous
## connections nginx accepts. 1m means 32000 simultaneous
## sessions. We need to define for each server the limit_conn
## value refering to this or other zones.
limit_conn_zone $binary_remote_addr zone=arbeit:10m;
## Timeouts.
client_body_timeout 60;
client_header_timeout 60;
keepalive_timeout 10 10;
send_timeout 60;
## Reset lingering timed out connections. Deflect DDoS.
reset_timedout_connection on;
## Body size.
client_max_body_size 10m;
## TCP options.
tcp_nodelay on;
## Optimization of socket handling when using sendfile.
tcp_nopush on;
## Compression.
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 1;
gzip_http_version 1.1;
gzip_min_length 10;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
gzip_vary on;
gzip_proxied any; # Compression for all requests.
## No need for regexps. See
## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable
gzip_disable "msie6";
## Serve already compressed files directly, bypassing on-the-fly
## compression.
##
# Usually you don't make much use of this. It's better to just
# enable gzip_static on the locations you need it.
# gzip_static on;
## Hide the Nginx version number.
server_tokens off;
## Use a SSL/TLS cache for SSL session resume. This needs to be
## here (in this context, for session resumption to work. See this
## thread on the Nginx mailing list:
## http://nginx.org/pipermail/nginx/2010-November/023736.html.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
## Uncomment to increase map_hash_bucket_size. If start getting
## [emerg]: could not build the map_hash, you should increase
## map_hash_bucket_size: 64 in your
## logs. Cf. http://wiki.nginx.org/NginxOptimizations.
## See http://wiki.nginx.org/HttpMapModule#map_hash_bucket_size
#map_hash_bucket_size 192;
## Uncomment to increase variables_hash_max_size if you start getting
## [emerg] could not build the variables_hash, you should increase
## either variables_hash_max_size: 512 or
## variables_hash_bucket_size: 64
## You only need to increase one. I chose to increase
## variables_hash_max_size to 1024 as this was recommended
## in nginx forum by developers.
## See this forum topic and responses
## http://forum.nginx.org/read.php?2,192277,192286#msg-192286
## See http://wiki.nginx.org/HttpCoreModule#variables_hash_bucket_size
## variables_hash_bucket_size was added for completeness but not
## changed from default.
#variables_hash_max_size 1024; # default 512
#variables_hash_bucket_size 64; # default is 64
## For the filefield_nginx_progress module to work. From the
## README. Reserve 1MB under the name 'uploads' to track uploads.
upload_progress uploads 1m;
## Enable clickjacking protection in modern browsers. Available in
## IE8 also. See
## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
## This may conflict with pseudo streaming (at least with Nginx version 1.0.12).
## Uncomment the line below if you're not using media streaming.
## For sites *using* frames uncomment the line below.
#add_header X-Frame-Options SAMEORIGIN;
## For sites *not* using frames uncomment the line below.
#add_header X-Frame-Options DENY;
## Block MIME type sniffing on IE.
add_header X-Content-Options nosniff;
## Include the upstream servers for PHP FastCGI handling
## configuration. This setup uses UNIX sockets for talking with the
## upstream.
include upstream_phpcgi_unix.conf;
## Include the map to block HTTP methods.
include map_block_http_methods.conf;
## Include the php-fpm status allowed hosts configuration block.
## Uncomment to enable if you're running php-fpm.
include php_fpm_status_allowed_hosts.conf;
## Include the Nginx stub status allowed hosts configuration block.
include nginx_status_allowed_hosts.conf;
## Include blacklist for bad bot and referer blocking.
include blacklist.conf;
## Include the caching setup. Needed for using Drupal with an external cache.
include map_cache.conf;
## Microcache zone definition for FastCGI.
include fastcgi_microcache_zone.conf;
## Include all vhosts.
include sites-enabled/*;
}