]>
Commit | Line | Data |
---|---|---|
0ccf3faa | 1 | user nginx nginx; |
2 | worker_processes 5; | |
3 | error_log /var/log/nginx/nginx-standard_error.log; | |
4 | pid /var/run/nginx-standard.pid; | |
5 | ||
6 | events { | |
7 | worker_connections 2048; | |
8 | use epoll; | |
9 | } | |
10 | ||
11 | http { | |
12 | include /etc/nginx/mime.types; | |
13 | default_type application/octet-stream; | |
14 | ||
15 | log_format main '$remote_addr - $remote_user [$time_local] $request ' | |
16 | '"$status" $body_bytes_sent "$http_referer" ' | |
17 | '"$http_user_agent" "$http_x_forwarded_for"'; | |
18 | access_log /var/log/nginx/nginx-standard_access.log main; | |
19 | sendfile on; | |
20 | tcp_nopush on; | |
21 | tcp_nodelay on; | |
22 | server_names_hash_bucket_size 128; | |
3db17524 | 23 | types_hash_max_size 2048; |
24 | types_hash_bucket_size 64; | |
0ccf3faa | 25 | #keepalive_timeout 0; |
26 | keepalive_timeout 65; | |
27 | limit_zone test-limit $binary_remote_addr 10m; | |
28 | #gzip on; | |
ea30028e | 29 | #gzip_http_version 1.0; |
30 | #gzip_comp_level 2; | |
31 | #gzip_proxied any; | |
32 | #gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; | |
0ccf3faa | 33 | |
34 | server { | |
35 | listen 80; | |
3874fa8c JK |
36 | |
37 | # listen 443 ssl; | |
3d3034b5 AM |
38 | |
39 | # Leave only secure protocols (so disable unsecure SSLv2/SSLv3) | |
4e35999b | 40 | # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
3d3034b5 AM |
41 | |
42 | # https://wiki.mozilla.org/Security/Server_Side_TLS | |
43 | # perfect forward secrecy | |
d4cab47e | 44 | # ssl_prefer_server_ciphers on; |
3f78dfb7 | 45 | # ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-DSS-AES128-GCM-SHA256 kEDH+AESGCM ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA256 DHE-RSA-AES256-SHA256 DHE-DSS-AES256-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA AES CAMELLIA DES-CBC3-SHA !aNULL !eNULL !EXPORT !DES !RC4 !MD5 !PSK !aECDH !EDH-DSS-DES-CBC3-SHA !EDH-RSA-DES-CBC3-SHA !KRB5-DES-CBC3-SHA"; |
d4cab47e AM |
46 | |
47 | # Session resumption (caching) | |
48 | # ssl_session_cache shared:SSL:50m; | |
49 | # ssl_session_timeout 5m; | |
3d3034b5 | 50 | |
3874fa8c JK |
51 | # ssl_certificate /etc/nginx/server.crt; |
52 | # ssl_certificate_key /etc/nginx/server.key; | |
53 | ||
0ccf3faa | 54 | server_name localhost; |
55 | access_log /var/log/nginx/nginx-standard_access.log main; | |
56 | client_max_body_size 10M; | |
57 | ||
58 | location / { | |
59 | autoindex on; | |
60 | root /home/services/nginx/html; | |
61 | index index.html index.htm index.php; | |
62 | limit_conn test-limit 15; | |
63 | } | |
64 | ||
36b3be34 | 65 | include webapps.d/*.conf; |
0ccf3faa | 66 | |
67 | # location /nginx_status { | |
68 | # stub_status on; | |
69 | # access_log off; | |
70 | # allow 127.0.0.1; | |
71 | # deny all; | |
72 | # } | |
73 | ||
74 | # error_page 404 /404.html; | |
75 | # error_page 500 502 503 504 /50x.html; | |
76 | # location = /50x.html { | |
77 | # root /home/services/http/error-pages; | |
78 | # } | |
79 | # location = /404.html { | |
80 | # root /home/services/http/error-pages; | |
81 | # } | |
82 | ||
83 | # location ~ \.php$ { | |
84 | # include /etc/nginx/fastcgi.params; | |
85 | # fastcgi_pass 127.0.0.1:1026; | |
86 | # fastcgi_index index.php; | |
87 | # fastcgi_param SCRIPT_FILENAME /home/services/nginx/html$fastcgi_script_name; | |
88 | # } | |
89 | ||
90 | } | |
91 | ||
36b3be34 | 92 | include vhosts.d/*.conf; |
0ccf3faa | 93 | } |