Sample nginx.conf file
# Unprivileged account the worker processes run as.
user www-data;

# Let nginx choose the number of worker processes itself.
worker_processes auto;

# Where the master process writes its PID.
pid /run/nginx.pid;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 768;
}
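http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    # Do not advertise the nginx version in the Server header or on error pages.
    # This only reduces fingerprinting; it is not a substitute for patching.
    server_tokens off;

    # increase if you have a long hostname
    server_names_hash_bucket_size 64;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Request bodies larger than this are rejected. Raised to 5m for image uploads;
    # keep it as small as the application allows.
    client_max_body_size 5m;

    ##
    # SSL Settings
    ##
    # Only allow strong protocols/ciphers.
    # SSLv3 is dropped (POODLE). TLSv1 and TLSv1.1 were enabled here originally,
    # but both are deprecated (RFC 8996) and contradict "strong protocols only",
    # so only TLSv1.2 remains. Append TLSv1.3 if your nginx/OpenSSL build supports it.
    # Re-add the older versions only if you knowingly have to serve legacy clients.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;

    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 180m;
    # Session tickets stay off: without regular ticket-key rotation they weaken
    # forward secrecy.
    ssl_session_tickets off;

    # OCSP stapling. For ssl_stapling_verify to succeed, the issuer chain must be
    # available to nginx (typically via ssl_trusted_certificate in the server block).
    ssl_stapling on;
    ssl_stapling_verify on;

    # Resolver nginx uses to look up the OCSP responder. These are public resolvers;
    # the nginx documentation recommends resolvers on a trusted local network to
    # limit exposure to DNS spoofing.
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # NOTE: add_header directives are inherited by a server/location block only if
    # that block defines no add_header of its own. Any block that adds a header
    # must repeat the three security headers below, or they are silently dropped.

    # Only add this if you _never_ want to serve anything except HTTPS traffic. HSTS is
    # a commitment to never serving non-HTTPS traffic on the domain. includeSubdomains
    # extends that commitment to every subdomain, and "preload" is hard to undo once
    # the domain is on a browser preload list.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;

    # Don't allow people to put your site in a frame.
    # "always" makes the header apply to error responses too, matching the HSTS line.
    add_header X-Frame-Options DENY always;

    # Don't let browsers sniff content away from the correct MIME type, always trust the server
    add_header X-Content-Type-Options nosniff always;

    # Path to your own Diffie-Hellman parameters (used by the EDH suites above).
    # Generate these yourself, at least 2048 bits; nginx will not start if the file is missing.
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    # Compressing HTTPS responses that mix secrets (e.g. CSRF tokens) with
    # attacker-influenced content is exposed to BREACH-style attacks; consider
    # disabling gzip for such responses.
    gzip on;
    gzip_disable "msie6";

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}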