69 lines
1.9 KiB
Nginx Configuration File
69 lines
1.9 KiB
Nginx Configuration File
worker_processes 4;
|
|
pid /tmp/nginx.pid;
|
|
|
|
|
|
error_log /dev/stderr info;
|
|
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
multi_accept off;
|
|
}
|
|
|
|
http {
|
|
|
|
|
|
## asynchronous input/output policy.
|
|
tcp_nopush on;
|
|
sendfile on;
|
|
|
|
|
|
## Security policy
|
|
ssl_protocols TLSv1.3 TLSv1.2;
|
|
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
|
|
server_tokens off; # disable server version response header.
|
|
add_header X-Content-Type-Options nosniff; # Disable sniffing
|
|
add_header X-Frame-Options SAMEORIGIN always; # Prevent clickjacking.
|
|
add_header "X-XSS-Protection" "1; mode=block"; # Prevent cross-site-scripting
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # Force HSTS, prevent mitm attack between 301 redirect for http, and https server.
|
|
|
|
|
|
## Log file policy.
|
|
log_format logformat '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
access_log /dev/stdout logformat;
|
|
|
|
|
|
## Temp file policy.
|
|
client_body_temp_path /tmp/client_temp;
|
|
fastcgi_temp_path /tmp/fastcgi_temp;
|
|
uwsgi_temp_path /tmp/uwsgi_temp;
|
|
proxy_temp_path /tmp/proxy_temp;
|
|
scgi_temp_path /tmp/scgi_temp;
|
|
|
|
|
|
## Buffer Policy.
|
|
client_body_buffer_size 1K;
|
|
client_header_buffer_size 1k;
|
|
client_max_body_size 1k;
|
|
large_client_header_buffers 2 1k;
|
|
|
|
|
|
## Client timeout policy
|
|
client_body_timeout 10;
|
|
client_header_timeout 10;
|
|
keepalive_timeout 5 5;
|
|
send_timeout 10;
|
|
|
|
|
|
## Default mime type.
|
|
include snippets/mime-types.conf;
|
|
default_type text/html;
|
|
|
|
|
|
## http vhosts
|
|
include conf.d/http/*.conf;
|
|
|
|
|
|
} |