]>
Commit | Line | Data |
---|---|---|
1 | # For more information on configuration, see: | |
2 | # * Official English Documentation: http://nginx.org/en/docs/ | |
3 | # * Official Russian Documentation: http://nginx.org/ru/docs/ | |
4 | ||
5 | user nginx nginx; | |
6 | worker_processes auto; | |
7 | error_log /var/log/nginx/error.log; | |
8 | pid /var/run/nginx.pid; | |
9 | ||
10 | events { | |
11 | worker_connections 2048; | |
12 | use epoll; | |
13 | } | |
14 | ||
15 | http { | |
16 | log_format main '$remote_addr - $remote_user [$time_local] $request ' | |
17 | '"$status" $body_bytes_sent "$http_referer" ' | |
18 | '"$http_user_agent" "$http_x_forwarded_for"'; | |
19 | access_log /var/log/nginx/access.log main; | |
20 | ||
21 | sendfile on; | |
22 | tcp_nopush on; | |
23 | tcp_nodelay on; | |
24 | keepalive_timeout 65; | |
25 | types_hash_max_size 2048; | |
26 | ||
27 | include /etc/nginx/mime.types; | |
28 | default_type application/octet-stream; | |
29 | ||
30 | # Load modular configuration files from the /etc/nginx/conf.d directory. | |
31 | # See http://nginx.org/en/docs/ngx_core_module.html#include | |
32 | # for more information. | |
33 | include /etc/nginx/conf.d/*.conf; | |
34 | ||
35 | server { | |
36 | listen 80 default_server; | |
37 | listen [::]:80 default_server; | |
38 | server_name _; | |
39 | ||
40 | # https://wiki.mozilla.org/Security/Server_Side_TLS | |
41 | #listen 443 ssl http2 default_server; | |
42 | #listen [::]:443 ssl http2 default_server; | |
43 | ||
44 | # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate | |
45 | #ssl_certificate /etc/nginx/server.crt; | |
46 | #ssl_certificate_key /etc/nginx/server.key; | |
47 | ||
48 | # Session resumption (caching) | |
49 | #ssl_session_timeout 1d; | |
50 | #ssl_session_cache shared:SSL:50m; | |
51 | #ssl_session_tickets off; | |
52 | ||
53 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits | |
54 | #ssl_dhparam /etc/nginx/dhparam.pem; | |
55 | ||
56 | # intermediate configuration. tweak to your needs. | |
57 | #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
58 | #ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; | |
59 | #ssl_prefer_server_ciphers on; | |
60 | ||
61 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) | |
62 | #add_header Strict-Transport-Security max-age=15768000; | |
63 | ||
64 | # OCSP Stapling --- | |
65 | # fetch OCSP records from URL in ssl_certificate and cache them | |
66 | #ssl_stapling on; | |
67 | #ssl_stapling_verify on; | |
68 | ||
69 | # verify chain of trust of OCSP response using Root CA and Intermediate certs | |
70 | #ssl_trusted_certificate /etc/nginx/ca.crt; | |
71 | ||
72 | server_name localhost; | |
73 | access_log /var/log/nginx/access.log main; | |
74 | ||
75 | location / { | |
76 | autoindex on; | |
77 | root /home/services/nginx/html; | |
78 | index index.html index.htm index.php; | |
79 | } | |
80 | ||
81 | # Load configuration files for the default server block. | |
82 | include webapps.d/*.conf; | |
83 | } | |
84 | ||
85 | include vhosts.d/*.conf; | |
86 | } |