nginx.conf

   1 user                    nginx nginx;
   2 error_log               /var/log/nginx/nginx-@type@_error.log;
   3 pid                     /var/run/nginx-@type@.pid;
   4
   5 events {
   6         worker_connections      2048;
   7         use epoll;
   8 }
   9
  10 http {
  11         include         /etc/nginx/mime.types;
  12         default_type    application/octet-stream;
  13
  14         log_format      main    '$remote_addr - $remote_user [$time_local] $request '
  15                                 '"$status" $body_bytes_sent "$http_referer" '
  16                                 '"$http_user_agent" "$http_x_forwarded_for"';
  17         access_log      /var/log/nginx/nginx-@type@_access.log  main;
  18
  19         server {
  20                 listen          80;
  21                 # listen 443 ssl;
  22
  23                 # https://wiki.mozilla.org/Security/Server_Side_TLS
  24
  25                 # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
  26                 #ssl_certificate /etc/nginx/server.crt;
  27                 #ssl_certificate_key /etc/nginx/server.key;
  28
  29                 # Session resumption (caching)
  30                 #ssl_session_timeout 1d;
  31                 #ssl_session_cache shared:SSL:50m;
  32                 #ssl_session_tickets off;
  33
  34                 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  35                 #ssl_dhparam /etc/nginx/dhparam.pem;
  36
  37                 # intermediate configuration. tweak to your needs.
  38                 #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  39                 #ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
  40                 #ssl_prefer_server_ciphers on;
  41
  42                 # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  43                 #add_header Strict-Transport-Security max-age=15768000;
  44
  45                 # OCSP Stapling ---
  46                 # fetch OCSP records from URL in ssl_certificate and cache them
  47                 #ssl_stapling on;
  48                 #ssl_stapling_verify on;
  49
  50                 # verify chain of trust of OCSP response using Root CA and Intermediate certs
  51                 #ssl_trusted_certificate /etc/nginx/ca.crt;
  52
  53                 server_name     localhost;
  54                 access_log      /var/log/nginx/nginx-@type@_access.log main;
  55
  56                 location / {
  57                         autoindex       on;
  58                         root    /home/services/nginx/html;
  59                         index   index.html index.htm index.php;
  60                 }
  61
  62                 include webapps.d/*.conf;
  63         }
  64
  65         include vhosts.d/*.conf;
  66 }