]>
Commit | Line | Data |
---|---|---|
bfab979f ER |
1 | # For more information on configuration, see: |
2 | # * Official English Documentation: http://nginx.org/en/docs/ | |
3 | # * Official Russian Documentation: http://nginx.org/ru/docs/ | |
4 | ||
5 | user nginx nginx; | |
6 | worker_processes auto; | |
7 | error_log /var/log/nginx/error.log; | |
8 | pid /var/run/nginx.pid; | |
0ccf3faa | 9 | |
97ac281a ER |
10 | # Load dynamic modules first |
11 | include modules.d/*.conf; | |
12 | ||
0ccf3faa | 13 | events { |
bfab979f | 14 | worker_connections 2048; |
0ccf3faa | 15 | use epoll; |
16 | } | |
17 | ||
18 | http { | |
6b230b80 PS |
19 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' |
20 | '$status $body_bytes_sent "$http_referer" ' | |
bfab979f ER |
21 | '"$http_user_agent" "$http_x_forwarded_for"'; |
22 | access_log /var/log/nginx/access.log main; | |
23 | ||
24 | sendfile on; | |
25 | tcp_nopush on; | |
26 | tcp_nodelay on; | |
27 | keepalive_timeout 65; | |
28 | types_hash_max_size 2048; | |
29 | ||
30 | include /etc/nginx/mime.types; | |
31 | default_type application/octet-stream; | |
0ccf3faa | 32 | |
bfab979f ER |
33 | # Load modular configuration files from the /etc/nginx/conf.d directory. |
34 | # See http://nginx.org/en/docs/ngx_core_module.html#include | |
35 | # for more information. | |
36 | include /etc/nginx/conf.d/*.conf; | |
0ccf3faa | 37 | |
38 | server { | |
bfab979f ER |
39 | listen 80 default_server; |
40 | listen [::]:80 default_server; | |
41 | server_name _; | |
3d3034b5 | 42 | |
3d3034b5 | 43 | # https://wiki.mozilla.org/Security/Server_Side_TLS |
bfab979f ER |
44 | #listen 443 ssl http2 default_server; |
45 | #listen [::]:443 ssl http2 default_server; | |
548f12d1 ER |
46 | |
47 | # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate | |
48 | #ssl_certificate /etc/nginx/server.crt; | |
49 | #ssl_certificate_key /etc/nginx/server.key; | |
d4cab47e AM |
50 | |
51 | # Session resumption (caching) | |
548f12d1 ER |
52 | #ssl_session_timeout 1d; |
53 | #ssl_session_cache shared:SSL:50m; | |
54 | #ssl_session_tickets off; | |
55 | ||
56 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits | |
57 | #ssl_dhparam /etc/nginx/dhparam.pem; | |
58 | ||
6354aa36 | 59 | # modern tweak to your needs. |
4909bed3 | 60 | # https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate |
548f12d1 | 61 | |
4909bed3 AM |
62 | # intermediate configuration |
63 | # ssl_protocols TLSv1.2 TLSv1.3; | |
64 | # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; | |
65 | # ssl_prefer_server_ciphers off; | |
66 | ||
67 | # HSTS (ngx_http_headers_module is required) (63072000 seconds) | |
68 | # add_header Strict-Transport-Security "max-age=63072000" always; | |
548f12d1 ER |
69 | |
70 | # OCSP Stapling --- | |
71 | # fetch OCSP records from URL in ssl_certificate and cache them | |
72 | #ssl_stapling on; | |
73 | #ssl_stapling_verify on; | |
3d3034b5 | 74 | |
548f12d1 | 75 | # verify chain of trust of OCSP response using Root CA and Intermediate certs |
ac931e4f | 76 | #ssl_trusted_certificate /etc/nginx/ca.crt; |
3874fa8c | 77 | |
61cffbcc | 78 | access_log /var/log/nginx/access.log main; |
0ccf3faa | 79 | |
80 | location / { | |
81 | autoindex on; | |
82 | root /home/services/nginx/html; | |
83 | index index.html index.htm index.php; | |
0ccf3faa | 84 | } |
85 | ||
bfab979f | 86 | # Load configuration files for the default server block. |
36b3be34 | 87 | include webapps.d/*.conf; |
5d9f0850 | 88 | } |
0ccf3faa | 89 | |
36b3be34 | 90 | include vhosts.d/*.conf; |
0ccf3faa | 91 | } |