martin/usefulfiles
martin/usefulfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
master
usefulfiles/scripts/nginx.conf
Martin Donnelly 3015aac6d6 Updated cv
2016-05-25 16:48:55 +01:00

216 lines
8.5 KiB
Nginx Configuration File
Raw Permalink Blame History

# Run as a less privileged user for security reasons.
#user www-data;
# The maximum number of connections for Nginx is calculated by:
# max_clients = worker_processes * worker_connections
# It is better if you set the worker_processes count 1 less than your cpu cores. You have other processes running as well!
worker_processes 1;
# Maximum open file descriptors per process;
# should be > worker_connections.
worker_rlimit_nofile 50000;
pid /run/nginx.pid;
events {
# When you need > 8000 * cpu_cores connections, you start optimizing your OS,
# and this is probably the point at which you hire people who are smarter than
# you, as this is *a lot* of requests.
worker_connections 4096 ;
use epoll;
# accept_mutex off;
# Accept as many connections as possible.
multi_accept on;
}
http {
############################################################################ General Settings
# Define the MIME types for files.
# Usually located at mime.types;
include mime.types;
default_type application/octet-stream;
# Update charset_types due to updated mime.types
charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json;
client_max_body_size 20m;
client_body_buffer_size 128k;
large_client_header_buffers 2 1k;
## Hide the Nginx version number.
server_tokens off;
server_names_hash_bucket_size 512;
server_names_hash_max_size 512;
server_name_in_redirect off;
variables_hash_max_size 2048;
variables_hash_bucket_size 64;
# Speed up file transfers by using sendfile() to copy directly
# between descriptors rather than using read()/write().
sendfile on;
# Tell Nginx not to send out partial frames; this increases throughput
# since TCP frames are filled up before being sent out. (adds TCP_CORK)
tcp_nopush on;
# Tell Nginx to enable the Nagle buffering algorithm for TCP packets, which
# collates several smaller packets together into one larger packet, thus saving
# bandwidth at the cost of a nearly imperceptible increase to latency. (removes TCP_NODELAY)
tcp_nodelay on;
# Don't put the IP to the end of url when there's a redirection
port_in_redirect off;
# Let's make a lot of keepalive requests possible
keepalive_requests 100000;
# How long to allow each connection to stay idle; longer values are better
# for each individual client, particularly for SSL, but means that worker
# connections are tied up longer. (Default: 65)
keepalive_timeout 30;
client_body_timeout 30;
client_header_timeout 60;
send_timeout 30;
## Reset lingering timed out connections. Deflect DDoS.
reset_timedout_connection on;
############################################################################ Gzip Settings
# Enable Gzip compressed.
# Pagespeed might not allow us to turn it on
gzip on;
gzip_buffers 16 8k;
# This feature allow you to use static GZipped versions of your files (you need to create them yourself) and serve those gzipped files directly through Nginx. Nginx just looks for a filename identical to the one requested by the browsers, but with a “.gz” extension (eg. if 'index.html' is requested, nginx will look for a 'index.html.gz' file next to it). If it exists, Nginx serves this -already compressed- file and does not perform gzip compression, thus reducing CPU overhead and response time.
gzip_static on;
# Enable compression both for HTTP/1.0 and HTTP/1.1 (required for CloudFront).
gzip_http_version 1.1;
# Compression level (1-9).
# 5 is a perfect compromise between size and cpu usage, offering about
# 75% reduction for most ascii files (almost identical to level 9).
gzip_comp_level 7;
# Don't compress anything that's already small and unlikely to shrink much
# if at all (the default is 20 bytes, which is bad as that usually leads to
# larger files after gzipping).
gzip_min_length 1064;
# Compress data even for clients that are connecting to us via proxies,
# identified by the "Via" header (required for CloudFront).
gzip_proxied expired no-cache no-store private auth;
# Tell proxies to cache both the gzipped and regular version of a resource
# whenever the clients Accept-Encoding capabilities header varies;
# Avoids the issue where a non-gzip capable client (which is extremely rare
# today) would display gibberish if their proxy gave them the gzipped version.
gzip_vary on;
# Disable gzip for non-supporting browsers.
gzip_disable "MSIE [1-6]\.";
# Compress all output labeled with one of the following MIME-types.
gzip_types application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/x-javascript
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
image/bmp
text/css
text/richtext
text/xsd
text/xsl
text/xml
text/plain
text/x-component
text/javascript;
#text/html is always compressed by HttpGzipModule
############################################################################ Caching
# Define a cache path for fastcgi caching under the zone name microcache
fastcgi_cache_path /var/cache/nginx/ levels=1:2 keys_zone=microcache:10m max_size=1000m inactive=60m;
proxy_cache_path /var/cache/nginx/proxy/ levels=1:2 keys_zone=proxy:10m;
# Improve static content handling by caching metadata, not the files itself
open_file_cache max=1000 inactive=1h;
open_file_cache_valid 2h;
open_file_cache_min_uses 1;
open_file_cache_errors on;
# Define a zone for limiting the number of simultaneous
# connections nginx accepts. 1m means 32000 simultaneous
# sessions. We need to define for each server the limit_conn
# value refering to this or other zones.
# ** This syntax requires nginx version >=
# ** 1.1.8. Cf. http://nginx.org/en/CHANGES. If using an older
# ** version then use the limit_zone directive below
# ** instead. Comment out this
# ** one if not using nginx version >= 1.1.8.
# limit_conn_zone $binary_remote_addr zone=arbeit:10m;
# For the filefield_nginx_progress module to work. From the
# README. Reserve 1MB under the name 'uploads' to track uploads.
# upload_progress uploads 1m;
############################################################################ Security
# Enable the builtin cross-site scripting (XSS) filter available
# in modern browsers. Usually enabled by default we just
# reinstate in case it has been somehow disabled for this
# particular server instance.
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers.
add_header X-XSS-Protection '1; mode=block';
# Enable clickjacking protection in modern browsers. Available in
# IE8 also. See
# https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
# This may conflicts with pseudo streaming (at least with Nginx version 1.0.12).
# Uncomment the line below if you are not using media streaming.
# For sites being framing on the same domqin uncomment the line below.
#add_header X-Frame-Options SAMEORIGIN;
# For sites accepting to be framed in any context comment the
# line below.
add_header X-Frame-Options DENY;
## Block MIME type sniffing on IE.
add_header X-Content-Options nosniff;
############################################################################ Logging
log_format custom '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
#log_format varnish_log '$http_x_forwarded_for - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent "$http_referer" ' ;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
############################################################################ Pagespeed
# Edit this file to add your domain.
# https://developers.google.com/speed/pagespeed/module/domains
# include conf.d/pagespeed/pagespeed.conf;
# Virtual Host Configs
include conf.d/*.conf;
# include sites-enabled/*;
############################################################################ CLOUDFLARE GET REALIP PROBE
# include nomad-conf/realip.add;
}
Reference in New Issue View Git Blame Copy Permalink