projects / packages / nginx.git / blame
| Commit | Line | Data |
|---|---|---|
| 0ccf3faa | 1 | user nginx nginx; |
| a8a40c5a ER |
2 | error_log /var/log/nginx/nginx-@type@_error.log; |
| 3 | pid /var/run/nginx-@type@.pid; | |
| 0ccf3faa | 4 | |
| 5 | events { | |
| 6 | worker_connections 2048; | |
| 7 | use epoll; | |
| 8 | } | |
| 9 | ||
| 10 | http { | |
| 11 | include /etc/nginx/mime.types; | |
| 12 | default_type application/octet-stream; | |
| 13 | ||
| 14 | log_format main '$remote_addr - $remote_user [$time_local] $request ' | |
| 15 | '"$status" $body_bytes_sent "$http_referer" ' | |
| 16 | '"$http_user_agent" "$http_x_forwarded_for"'; | |
| a8a40c5a | 17 | access_log /var/log/nginx/nginx-@type@_access.log main; |
| 0ccf3faa | 18 | |
| 19 | server { | |
| 20 | listen 80; | |
| 3874fa8c | 21 | # listen 443 ssl; |
| 3d3034b5 | 22 | |
| 3d3034b5 | 23 | # https://wiki.mozilla.org/Security/Server_Side_TLS |
| 548f12d1 ER |
24 | |
| 25 | # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate | |
| 26 | #ssl_certificate /etc/nginx/server.crt; | |
| 27 | #ssl_certificate_key /etc/nginx/server.key; | |
| d4cab47e AM |
28 | |
| 29 | # Session resumption (caching) | |
| 548f12d1 ER |
30 | #ssl_session_timeout 1d; |
| 31 | #ssl_session_cache shared:SSL:50m; | |
| 32 | #ssl_session_tickets off; | |
| 33 | ||
| 34 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits | |
| 35 | #ssl_dhparam /etc/nginx/dhparam.pem; | |
| 36 | ||
| 37 | # intermediate configuration. tweak to your needs. | |
| 38 | #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| 39 | #ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; | |
| 40 | #ssl_prefer_server_ciphers on; | |
| 41 | ||
| 42 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) | |
| 43 | #add_header Strict-Transport-Security max-age=15768000; | |
| 44 | ||
| 45 | # OCSP Stapling --- | |
| 46 | # fetch OCSP records from URL in ssl_certificate and cache them | |
| 47 | #ssl_stapling on; | |
| 48 | #ssl_stapling_verify on; | |
| 3d3034b5 | 49 | |
| 548f12d1 ER |
50 | # verify chain of trust of OCSP response using Root CA and Intermediate certs |
| 51 | #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; | |
| 3874fa8c | 52 | |
| 0ccf3faa | 53 | server_name localhost; |
| a8a40c5a | 54 | access_log /var/log/nginx/nginx-@type@_access.log main; |
| 0ccf3faa | 55 | |
| 56 | location / { | |
| 57 | autoindex on; | |
| 58 | root /home/services/nginx/html; | |
| 59 | index index.html index.htm index.php; | |
| 0ccf3faa | 60 | } |
| 61 | ||
| 36b3be34 | 62 | include webapps.d/*.conf; |
| 5d9f0850 | 63 | } |
| 0ccf3faa | 64 | |
| 36b3be34 | 65 | include vhosts.d/*.conf; |
| 0ccf3faa | 66 | } |