57 lines
1.6 KiB
Plaintext
57 lines
1.6 KiB
Plaintext
user nginx;
|
|
worker_processes <%= [[@processorcount.to_i, 2].min, @processorcount.to_i / 2].max %>;
|
|
|
|
error_log /var/log/nginx/error.log;
|
|
pid /var/run/nginx.pid;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
use epoll;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
access_log /var/log/nginx/access.log main;
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
|
|
# don't buffer data-sends (disable Nagle algorithm).
|
|
# Good for sending frequent small bursts of data in real time.
|
|
tcp_nodelay on;
|
|
|
|
#keepalive_timeout 0;
|
|
keepalive_timeout 65;
|
|
|
|
client_header_timeout 3s;
|
|
client_body_timeout 3s;
|
|
|
|
server_tokens off;
|
|
#gzip on;
|
|
|
|
#prefer server ciphers over client ones
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
#prevent from clickjacking attacks
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
|
|
#prevents from MIME-sniffing a response away from the declared content-type
|
|
add_header X-Content-Type nosniff;
|
|
|
|
#enables the XSS filter built into most recent web browsers
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
|
|
#enforces the HSTS Policy (for a 6 months and include subdomains)
|
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
|
|
|
|
# Load config files from the /etc/nginx/conf.d directory
|
|
# The default server is in conf.d/default.conf
|
|
include /etc/nginx/conf.d/*.conf;
|
|
}
|