1 files changed, 65 insertions, 0 deletions

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..0857b7e
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,65 @@
+user www-data;
+worker_processes  4;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '[$time_local] $remote_addr - $remote_user "$request" '
+                      '$status "$http_referer" '
+                      '"$http_user_agent" "$server_name"';
+
+    access_log  /var/log/nginx/access.log  main;
+    ssl_certificate	/root/dybiec.info/fullchain.pem;
+    ssl_certificate_key /root/dybiec.info/privkey.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+
+    ssl_session_cache shared:SSL:40m;
+    ssl_session_timeout 1h;
+
+    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
+
+
+    sendfile        on;
+    tcp_nopush     on;
+
+    etag	on;
+
+    keepalive_timeout  65;
+
+    gzip  on;
+    gzip_proxied any;
+    gzip_types
+        text/css
+        text/javascript
+        text/xml
+        text/plain
+        application/javascript
+        application/x-javascript
+        application/json;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+    server {
+	listen 80;
+	allow 127.0.0.1;
+	allow 172.0.0.0/8;
+	deny all;
+    }
+    include /etc/nginx/conf.d/*.conf;
+
+    error_page 500 501 502 503 504 /50x.html;
+    
+}
+