]>
Commit | Line | Data |
---|---|---|
1 | user nginx nginx; | |
2 | error_log /var/log/nginx/nginx-@type@_error.log; | |
3 | pid /var/run/nginx-@type@.pid; | |
4 | ||
5 | events { | |
6 | worker_connections 2048; | |
7 | use epoll; | |
8 | } | |
9 | ||
10 | http { | |
11 | include /etc/nginx/mime.types; | |
12 | default_type application/octet-stream; | |
13 | ||
14 | log_format main '$remote_addr - $remote_user [$time_local] $request ' | |
15 | '"$status" $body_bytes_sent "$http_referer" ' | |
16 | '"$http_user_agent" "$http_x_forwarded_for"'; | |
17 | access_log /var/log/nginx/nginx-@type@_access.log main; | |
18 | ||
19 | server { | |
20 | listen 80; | |
21 | # listen 443 ssl; | |
22 | ||
23 | # Leave only secure protocols (so disable unsecure SSLv2/SSLv3) | |
24 | # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
25 | ||
26 | # https://wiki.mozilla.org/Security/Server_Side_TLS | |
27 | # perfect forward secrecy | |
28 | # ssl_prefer_server_ciphers on; | |
29 | # ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-DSS-AES128-GCM-SHA256 kEDH+AESGCM ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA256 DHE-RSA-AES256-SHA256 DHE-DSS-AES256-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA AES CAMELLIA DES-CBC3-SHA !aNULL !eNULL !EXPORT !DES !RC4 !MD5 !PSK !aECDH !EDH-DSS-DES-CBC3-SHA !EDH-RSA-DES-CBC3-SHA !KRB5-DES-CBC3-SHA"; | |
30 | ||
31 | # Session resumption (caching) | |
32 | # ssl_session_cache shared:SSL:50m; | |
33 | # ssl_session_timeout 5m; | |
34 | ||
35 | # ssl_certificate /etc/nginx/server.crt; | |
36 | # ssl_certificate_key /etc/nginx/server.key; | |
37 | ||
38 | server_name localhost; | |
39 | access_log /var/log/nginx/nginx-@type@_access.log main; | |
40 | ||
41 | location / { | |
42 | autoindex on; | |
43 | root /home/services/nginx/html; | |
44 | index index.html index.htm index.php; | |
45 | } | |
46 | ||
47 | include webapps.d/*.conf; | |
48 | } | |
49 | ||
50 | include vhosts.d/*.conf; | |
51 | } |