109 lines
3.3 KiB
Nginx Configuration File
109 lines
3.3 KiB
Nginx Configuration File
|
|
user www;
|
|
worker_processes auto;
|
|
|
|
#error_log logs/error.log;
|
|
#error_log logs/error.log notice;
|
|
#error_log logs/error.log info;
|
|
#error_log /var/log/nginx/error.log crit;
|
|
|
|
#pid logs/nginx.pid;
|
|
|
|
worker_rlimit_nofile 8000;
|
|
#worker_rlimit_sigpending 7000;
|
|
|
|
events {
|
|
worker_connections 4096;
|
|
use kqueue;
|
|
# multi_accept on;
|
|
}
|
|
|
|
|
|
|
|
http {
|
|
## Hasing
|
|
server_names_hash_max_size 1024;
|
|
server_names_hash_bucket_size 128;
|
|
|
|
##
|
|
# Basic Settings
|
|
##
|
|
|
|
## Size Limits
|
|
client_header_buffer_size 1k;
|
|
client_max_body_size 50M;
|
|
client_body_buffer_size 128k;
|
|
large_client_header_buffers 1 1k;
|
|
|
|
## Timeout
|
|
client_body_timeout 5;
|
|
client_header_timeout 5;
|
|
keepalive_timeout 5;
|
|
send_timeout 5;
|
|
|
|
## Reset lingering timed out connections. Deflect DDoS
|
|
reset_timedout_connection on;
|
|
|
|
## General Options
|
|
ignore_invalid_headers on;
|
|
limit_conn_zone $binary_remote_addr zone=arbeit:10m;
|
|
#limit_conn_zone gulag binary_remote_addr 1m;
|
|
recursive_error_pages on;
|
|
server_tokens off;
|
|
server_name_in_redirect off;
|
|
sendfile on;
|
|
types_hash_max_size 2048;
|
|
|
|
## TCP Options
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
|
|
include mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
log_format IP '$remote_addr';
|
|
|
|
#access_log logs/access.log main;
|
|
#access_log /var/log/nginx/ip.log IP;
|
|
|
|
# Log off pour l'instant
|
|
access_log off;
|
|
limit_conn_log_level info;
|
|
|
|
##
|
|
# Gzip Settings
|
|
##
|
|
|
|
gzip on;
|
|
gzip_buffers 16 8k;
|
|
gzip_http_version 1.1;
|
|
gzip_comp_level 6;
|
|
gzip_min_length 10;
|
|
gzip_types text/plain text/css image/png application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttfs application/json;
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_disable "msie6";
|
|
|
|
# File Cache Setting
|
|
open_file_cache max=5000 inactive=20s;
|
|
open_file_cache_valid 30s;
|
|
open_file_cache_min_uses 2;
|
|
open_file_cache_errors on;
|
|
|
|
## Security https://gist.github.com/plentz/6737338
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
|
|
|
|
|
|
# Virtual Host Configs
|
|
|
|
include /usr/local/etc/nginx/conf.d/*.conf;
|
|
|
|
|
|
}
|