This repository has been archived by the owner on Apr 17, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 19
NGINX Config
darkalchemy edited this page Oct 5, 2019
·
13 revisions
This is what I am currently using. This redirects all http(80) requests to https(443). The certificate is managed by Certbot(letsencrypt).
server {
root /var/www/master/public;
index index.php;
server_name pu-239.pw;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /robots.txt {
access_log off;
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
location ~* \.(gz|css|js|ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|webm|htc|mp3|ttf|rss|atom|jpg|jpeg|gif|gifv|torrent|nfo|png|ico|cur|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)(\?ver=[0-9.]+)?$ {
expires max;
add_header Cache-Control "public";
}
location /images {
expires max;
access_log off;
log_not_found off;
add_header Cache-Control "public";
}
location /fonts {
expires max;
access_log off;
log_not_found off;
add_header Cache-Control "public";
}
location /images/proxy {
default_type image/jpeg;
expires max;
access_log off;
log_not_found off;
add_header Cache-Control "public";
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_read_timeout 300;
# With php-cgi (or other tcp sockets):
#fastcgi_pass 127.0.0.1:9000;
#fastcgi_cache MYAPP;
#fastcgi_cache_valid 200 60m;
}
location ~ /\. {
deny all;
}
error_page 404 /404.html;
listen [::]:443 ssl http2; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/pu-239.pw/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/pu-239.pw/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = pu-239.pw) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name pu-239.pw;
return 404; # managed by Certbot
}
and this is the nginx.conf
user www-data;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
# Set this value to 2 times the number of cpus
worker_processes 16;
worker_rlimit_nofile 50000;
events {
# max_clients = worker_processes * worker_connections
worker_connections 20000;
# Only for Linux 2.6 or >
use epoll;
# Accept as many connections as possible
multi_accept on;
}
http {
types_hash_bucket_size 64;
map_hash_bucket_size 192;
# Mime types
include mime.types;
default_type application/octet-stream;
# Log format
#set_real_ip_from 127.0.0.1;
#real_ip_header X-Forwarded-For;
log_format compression '$remote_addr $request_time $remote_user [$time_local] '
'$request_time '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_x_forwarded_for" "$gzip_ratio"';
# Hide the Nginx version number
server_tokens off;
## set max hits to http at 1 per sec
limit_req_zone $binary_remote_addr zone=one:20m rate=1r/s;
limit_conn_zone $binary_remote_addr zone=addr:20m;
# Some tweeks...
sendfile on;
tcp_nodelay on;
tcp_nopush on;
# Timeouts
keepalive_requests 100;
keepalive_timeout 65;
types_hash_max_size 2048;
client_body_timeout 30;
client_header_timeout 30;
send_timeout 30;
client_max_body_size 8M;
reset_timedout_connection on;
fastcgi_read_timeout 300;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
#buffers
client_body_buffer_size 2m;
client_header_buffer_size 256k;
large_client_header_buffers 8 1024k;
fastcgi_buffers 512 16k;
fastcgi_buffer_size 512k;
fastcgi_busy_buffers_size 512k;
fastcgi_cache_path /dev/shm/nginx levels=1:2 keys_zone=MYAPP:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_temp_file_write_size 512k;
fastcgi_max_temp_file_size 0;
# Gzip module configuration
gzip_static on;
gzip on;
gzip_http_version 1.1;
gzip_disable "MSIE [1-6].(?!.*SV1)";
gzip_min_length 256;
gzip_proxied any;
gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component text/xml text/javascript application/x-javascript;
gzip_vary on;
gzip_comp_level 6;
gzip_buffers 64 256k;
map $request_uri $loggable {
~\.(gz|css|js|ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|webm|htc|mp3|ttf|rss|atom|jpg|jpeg|gif|gifv|torrent|nfo|png|ico|cur|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf) 0;
~/announce.php* 0;
~/scrape.php* 0;
~/ajaxchat.php* 0;
~/trivia.php* 0;
default 1;
}
access_log /var/log/nginx/access.log.gz compression buffer=512k gzip flush=1m if=$loggable;
error_log /var/log/nginx/error.log;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}