nginx.conf

   1 # For more information on configuration, see:
   2 #   * Official English Documentation: http://nginx.org/en/docs/
   3 #   * Official Russian Documentation: http://nginx.org/ru/docs/
   4
   5 user nginx nginx;
   6 worker_processes auto;
   7 error_log /var/log/nginx/error.log;
   8 pid /var/run/nginx.pid;
   9
  10 # Load dynamic modules first
  11 include modules.d/*.conf;
  12
  13 events {
  14         worker_connections 2048;
  15         use epoll;
  16 }
  17
  18 http {
  19         log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  20                         '$status $body_bytes_sent "$http_referer" '
  21                         '"$http_user_agent" "$http_x_forwarded_for"';
  22         access_log /var/log/nginx/access.log main;
  23
  24         sendfile on;
  25         tcp_nopush on;
  26         tcp_nodelay on;
  27         keepalive_timeout 65;
  28         types_hash_max_size 2048;
  29
  30         include /etc/nginx/mime.types;
  31         default_type application/octet-stream;
  32
  33         # Load modular configuration files from the /etc/nginx/conf.d directory.
  34         # See http://nginx.org/en/docs/ngx_core_module.html#include
  35         # for more information.
  36         include /etc/nginx/conf.d/*.conf;
  37
  38         server {
  39                 listen 80 default_server;
  40                 listen [::]:80 default_server;
  41                 server_name  _;
  42
  43                 # https://wiki.mozilla.org/Security/Server_Side_TLS
  44                 #listen 443 ssl http2 default_server;
  45                 #listen [::]:443 ssl http2 default_server;
  46
  47                 # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
  48                 #ssl_certificate /etc/nginx/server.crt;
  49                 #ssl_certificate_key /etc/nginx/server.key;
  50
  51                 # Session resumption (caching)
  52                 #ssl_session_timeout 1d;
  53                 #ssl_session_cache shared:SSL:50m;
  54                 #ssl_session_tickets off;
  55
  56                 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
  57                 #ssl_dhparam /etc/nginx/dhparam.pem;
  58
  59                 # modern tweak to your needs.
  60                 # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.0&openssl=1.1.1&hsts=yes&profile=modern
  61                 #ssl_protocols TLSv1.2 TLSv1.3;
  62                 #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
  63                 #ssl_prefer_server_ciphers on;
  64
  65                 # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
  66                 #add_header Strict-Transport-Security max-age=15768000;
  67
  68                 # OCSP Stapling ---
  69                 # fetch OCSP records from URL in ssl_certificate and cache them
  70                 #ssl_stapling on;
  71                 #ssl_stapling_verify on;
  72
  73                 # verify chain of trust of OCSP response using Root CA and Intermediate certs
  74                 #ssl_trusted_certificate /etc/nginx/ca.crt;
  75
  76                 access_log      /var/log/nginx/access.log main;
  77
  78                 location / {
  79                         autoindex       on;
  80                         root    /home/services/nginx/html;
  81                         index   index.html index.htm index.php;
  82                 }
  83
  84                 # Load configuration files for the default server block.
  85                 include webapps.d/*.conf;
  86         }
  87
  88         include vhosts.d/*.conf;
  89 }