75 lines
1.3 KiB
Nginx Configuration File
75 lines
1.3 KiB
Nginx Configuration File
user www-data;
|
|
pid /run/nginx.pid;
|
|
include /etc/nginx/modules-enabled/*.conf;
|
|
|
|
events {
|
|
worker_connections 768;
|
|
# multi_accept on;
|
|
}
|
|
|
|
http {
|
|
|
|
##
|
|
# Basic Settings
|
|
##
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# Sub domain too long
|
|
server_names_hash_bucket_size 128;
|
|
|
|
##
|
|
# SSL Settings
|
|
##
|
|
|
|
# Diffie-Hellman parameter for DHE cipher suites
|
|
ssl_dhparam /etc/nginx/dhparam.pem;
|
|
ssl_ecdh_curve secp384r1;
|
|
|
|
# Protocols
|
|
ssl_protocols TLSv1.2;
|
|
ssl_prefer_server_ciphers on;
|
|
#ssl_ciphers EECDH+CHACHA20:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
|
|
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-SHA";
|
|
|
|
|
|
##
|
|
# Headers
|
|
##
|
|
|
|
add_header X-Frame-Options DENY;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
|
|
##
|
|
# Logging Settings
|
|
##
|
|
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
##
|
|
# Gzip Settings
|
|
##
|
|
|
|
gzip off; # To avoid BREACH Attack
|
|
gzip_disable "msie6";
|
|
|
|
|
|
##
|
|
# Virtual Host Configs
|
|
##
|
|
|
|
include /etc/nginx/conf.d/*.conf;
|
|
include /etc/nginx/sites-enabled/*;
|
|
}
|