]>
Commit | Line | Data |
---|---|---|
0ccf3faa | 1 | user nginx nginx; |
a8a40c5a ER |
2 | error_log /var/log/nginx/nginx-@type@_error.log; |
3 | pid /var/run/nginx-@type@.pid; | |
0ccf3faa | 4 | |
5 | events { | |
6 | worker_connections 2048; | |
7 | use epoll; | |
8 | } | |
9 | ||
10 | http { | |
11 | include /etc/nginx/mime.types; | |
12 | default_type application/octet-stream; | |
13 | ||
14 | log_format main '$remote_addr - $remote_user [$time_local] $request ' | |
15 | '"$status" $body_bytes_sent "$http_referer" ' | |
16 | '"$http_user_agent" "$http_x_forwarded_for"'; | |
a8a40c5a | 17 | access_log /var/log/nginx/nginx-@type@_access.log main; |
0ccf3faa | 18 | |
19 | server { | |
20 | listen 80; | |
3874fa8c | 21 | # listen 443 ssl; |
3d3034b5 AM |
22 | |
23 | # Leave only secure protocols (so disable unsecure SSLv2/SSLv3) | |
4e35999b | 24 | # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
3d3034b5 AM |
25 | |
26 | # https://wiki.mozilla.org/Security/Server_Side_TLS | |
27 | # perfect forward secrecy | |
d4cab47e | 28 | # ssl_prefer_server_ciphers on; |
3f78dfb7 | 29 | # ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-DSS-AES128-GCM-SHA256 kEDH+AESGCM ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA256 DHE-RSA-AES256-SHA256 DHE-DSS-AES256-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA AES CAMELLIA DES-CBC3-SHA !aNULL !eNULL !EXPORT !DES !RC4 !MD5 !PSK !aECDH !EDH-DSS-DES-CBC3-SHA !EDH-RSA-DES-CBC3-SHA !KRB5-DES-CBC3-SHA"; |
d4cab47e AM |
30 | |
31 | # Session resumption (caching) | |
32 | # ssl_session_cache shared:SSL:50m; | |
33 | # ssl_session_timeout 5m; | |
3d3034b5 | 34 | |
3874fa8c JK |
35 | # ssl_certificate /etc/nginx/server.crt; |
36 | # ssl_certificate_key /etc/nginx/server.key; | |
37 | ||
0ccf3faa | 38 | server_name localhost; |
a8a40c5a | 39 | access_log /var/log/nginx/nginx-@type@_access.log main; |
0ccf3faa | 40 | |
41 | location / { | |
42 | autoindex on; | |
43 | root /home/services/nginx/html; | |
44 | index index.html index.htm index.php; | |
0ccf3faa | 45 | } |
46 | ||
36b3be34 | 47 | include webapps.d/*.conf; |
5d9f0850 | 48 | } |
0ccf3faa | 49 | |
36b3be34 | 50 | include vhosts.d/*.conf; |
0ccf3faa | 51 | } |