[packages/nginx.git] / nginx.conf

user			nginx nginx;
error_log		/var/log/nginx/nginx-@type@_error.log;
pid			/var/run/nginx-@type@.pid;

events {
	worker_connections	2048;
	use epoll;
}

http {
	include		/etc/nginx/mime.types;
	default_type	application/octet-stream;

	log_format	main	'$remote_addr - $remote_user [$time_local] $request '
				'"$status" $body_bytes_sent "$http_referer" '
				'"$http_user_agent" "$http_x_forwarded_for"';
	access_log	/var/log/nginx/nginx-@type@_access.log	main;

	server {
		listen		80;
		# listen 443 ssl;

		# Leave only secure protocols (so disable unsecure SSLv2/SSLv3)
		# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

		# https://wiki.mozilla.org/Security/Server_Side_TLS
		# perfect forward secrecy
		# ssl_prefer_server_ciphers on;
		# ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-DSS-AES128-GCM-SHA256 kEDH+AESGCM ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA256 DHE-RSA-AES256-SHA256 DHE-DSS-AES256-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA AES CAMELLIA DES-CBC3-SHA !aNULL !eNULL !EXPORT !DES !RC4 !MD5 !PSK !aECDH !EDH-DSS-DES-CBC3-SHA !EDH-RSA-DES-CBC3-SHA !KRB5-DES-CBC3-SHA";

		# Session resumption (caching)
		# ssl_session_cache shared:SSL:50m;
		# ssl_session_timeout 5m;

		# ssl_certificate /etc/nginx/server.crt;
		# ssl_certificate_key /etc/nginx/server.key;

		server_name	localhost;
		access_log	/var/log/nginx/nginx-@type@_access.log main;

		location / {
			autoindex	on;
			root	/home/services/nginx/html;
			index	index.html index.htm index.php;
		}

		include webapps.d/*.conf;
	}

	include vhosts.d/*.conf;
}
Commit	Line	Data
0ccf3faa	1	user nginx nginx;
a8a40c5a ER	2	error_log /var/log/nginx/nginx-@type@_error.log;
a8a40c5a ER	3	pid /var/run/nginx-@type@.pid;
0ccf3faa	4
	5	events {
	6	worker_connections 2048;
	7	use epoll;
	8	}
	9
	10	http {
	11	include /etc/nginx/mime.types;
	12	default_type application/octet-stream;
	13
	14	log_format main '$remote_addr - $remote_user [$time_local] $request '
	15	'"$status" $body_bytes_sent "$http_referer" '
	16	'"$http_user_agent" "$http_x_forwarded_for"';
a8a40c5a	17	access_log /var/log/nginx/nginx-@type@_access.log main;
0ccf3faa	18
	19	server {
	20	listen 80;
3874fa8c	21	# listen 443 ssl;
3d3034b5 AM	22
3d3034b5 AM	23	# Leave only secure protocols (so disable unsecure SSLv2/SSLv3)
4e35999b	24	# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
3d3034b5 AM	25
	26	# https://wiki.mozilla.org/Security/Server_Side_TLS
	27	# perfect forward secrecy
d4cab47e	28	# ssl_prefer_server_ciphers on;
3f78dfb7	29	# ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-DSS-AES128-GCM-SHA256 kEDH+AESGCM ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA256 DHE-RSA-AES256-SHA256 DHE-DSS-AES256-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA AES CAMELLIA DES-CBC3-SHA !aNULL !eNULL !EXPORT !DES !RC4 !MD5 !PSK !aECDH !EDH-DSS-DES-CBC3-SHA !EDH-RSA-DES-CBC3-SHA !KRB5-DES-CBC3-SHA";
d4cab47e AM	30
	31	# Session resumption (caching)
	32	# ssl_session_cache shared:SSL:50m;
	33	# ssl_session_timeout 5m;
3d3034b5	34
3874fa8c JK	35	# ssl_certificate /etc/nginx/server.crt;
	36	# ssl_certificate_key /etc/nginx/server.key;
	37
0ccf3faa	38	server_name localhost;
a8a40c5a	39	access_log /var/log/nginx/nginx-@type@_access.log main;
0ccf3faa	40
	41	location / {
	42	autoindex on;
	43	root /home/services/nginx/html;
	44	index index.html index.htm index.php;
0ccf3faa	45	}
0ccf3faa	46
36b3be34	47	include webapps.d/*.conf;
5d9f0850	48	}
0ccf3faa	49
36b3be34	50	include vhosts.d/*.conf;
0ccf3faa	51	}