1
0
Fork 0
Be_my_Valentine/nginx/nginx.conf

75 lines
1.3 KiB
Nginx Configuration File

user www-data;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Sub domain too long
server_names_hash_bucket_size 128;
##
# SSL Settings
##
# Diffie-Hellman parameter for DHE cipher suites
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ecdh_curve secp384r1;
# Protocols
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
#ssl_ciphers EECDH+CHACHA20:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-SHA";
##
# Headers
##
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip off; # To avoid BREACH Attack
gzip_disable "msie6";
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}