1 # For more information on configuration, see:
2 # * Official English Documentation: http://nginx.org/en/docs/
3 # * Official Russian Documentation: http://nginx.org/ru/docs/
7 error_log /var/log/nginx/error.log;
8 pid /var/run/nginx.pid;
10 # Load dynamic modules first
11 include modules.d/*.conf;
14 worker_connections 2048;
19 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
20 '$status $body_bytes_sent "$http_referer" '
21 '"$http_user_agent" "$http_x_forwarded_for"';
22 access_log /var/log/nginx/access.log main;
28 types_hash_max_size 2048;
30 include /etc/nginx/mime.types;
31 default_type application/octet-stream;
33 # Load modular configuration files from the /etc/nginx/conf.d directory.
34 # See http://nginx.org/en/docs/ngx_core_module.html#include
35 # for more information.
36 include /etc/nginx/conf.d/*.conf;
39 listen 80 default_server;
40 listen [::]:80 default_server;
43 # https://wiki.mozilla.org/Security/Server_Side_TLS
44 #listen 443 ssl http2 default_server;
45 #listen [::]:443 ssl http2 default_server;
47 # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
48 #ssl_certificate /etc/nginx/server.crt;
49 #ssl_certificate_key /etc/nginx/server.key;
51 # Session resumption (caching)
52 #ssl_session_timeout 1d;
53 #ssl_session_cache shared:SSL:50m;
54 #ssl_session_tickets off;
56 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
57 #ssl_dhparam /etc/nginx/dhparam.pem;
59 # modern tweak to your needs.
60 # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.1.1&hsts=yes&profile=modern
61 #ssl_protocols TLSv1.2 TLSv1.3;
62 #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
63 #ssl_prefer_server_ciphers on;
65 # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
66 #add_header Strict-Transport-Security max-age=15768000;
69 # fetch OCSP records from URL in ssl_certificate and cache them
71 #ssl_stapling_verify on;
73 # verify chain of trust of OCSP response using Root CA and Intermediate certs
74 #ssl_trusted_certificate /etc/nginx/ca.crt;
76 access_log /var/log/nginx/access.log main;
80 root /home/services/nginx/html;
81 index index.html index.htm index.php;
84 # Load configuration files for the default server block.
85 include webapps.d/*.conf;
88 include vhosts.d/*.conf;