diff options
Diffstat (limited to 'nginx/nginx.conf')
-rw-r--r-- | nginx/nginx.conf | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/nginx/nginx.conf b/nginx/nginx.conf new file mode 100644 index 0000000..0857b7e --- /dev/null +++ b/nginx/nginx.conf @@ -0,0 +1,65 @@ +user www-data; +worker_processes 4; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '[$time_local] $remote_addr - $remote_user "$request" ' + '$status "$http_referer" ' + '"$http_user_agent" "$server_name"'; + + access_log /var/log/nginx/access.log main; + ssl_certificate /root/dybiec.info/fullchain.pem; + ssl_certificate_key /root/dybiec.info/privkey.pem; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + + ssl_session_cache shared:SSL:40m; + ssl_session_timeout 1h; + + ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256; + + + sendfile on; + tcp_nopush on; + + etag on; + + keepalive_timeout 65; + + gzip on; + gzip_proxied any; + gzip_types + text/css + text/javascript + text/xml + text/plain + application/javascript + application/x-javascript + application/json; + + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + + server { + listen 80; + allow 127.0.0.1; + allow 172.0.0.0/8; + deny all; + } + include /etc/nginx/conf.d/*.conf; + + error_page 500 501 502 503 504 /50x.html; + +} + |