rtfd/in/public/web/nginx/configure.rst

*********
Configure
*********

* /etc/nginx/nginx.conf

.. code::

 pid /run/nginx.pid;
 user user;
 worker_processes auto;

 events {
 multi_accept off;
 worker_connections 512;
 }

 http {

 # General

 keepalive_timeout 60;
 sendfile on;
 server_tokens off;
 tcp_nopush on;
 tcp_nodelay on;
 types_hash_max_size 2048;

 # Names

 server_name_in_redirect off;
 server_names_hash_bucket_size 128;

 # File types

 include /etc/nginx/mime.types;
 default_type application/octet-stream;

 # Security

 ssl_buffer_size 8k;
 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA,DHE-DSS-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA256,DHE-DSS-AES256-SHA256,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA";
 ssl_dhparam /etc/nginx/dhparam;
 ssl_ecdh_curve secp384r1;
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1.3 TLSv1.2;
 ssl_session_cache shared:ssl_session_cache:16m;
 ssl_session_timeout 15m;

 # Log

 access_log /var/log/nginx/access.log;
 error_log /var/log/nginx/error.log;

 # Compression

 gzip off;

 # Misc

 add_header Strict-Transport-Security max-age=31557600;
 client_max_body_size 16m;
 index index.html;
 proxy_pass_request_body on;
 proxy_pass_request_headers on;
 proxy_redirect off;

 # Includes

 include /etc/nginx/sites-enabled/*;

 }
content 2017-12-02 22:02:37 +00:00			`*********`
			`Configure`
			`*********`

			`* /etc/nginx/nginx.conf`

			`.. code::`

nginx/configure/unindent 2019-08-04 15:23:42 +00:00			`pid /run/nginx.pid;`
			`user user;`
			`worker_processes auto;`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:23:42 +00:00			`events {`
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`multi_accept off;`
			`worker_connections 512;`
nginx/configure/unindent 2019-08-04 15:23:42 +00:00			`}`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:23:42 +00:00			`http {`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`# General`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`keepalive_timeout 60;`
			`sendfile on;`
			`server_tokens off;`
			`tcp_nopush on;`
			`tcp_nodelay on;`
			`types_hash_max_size 2048;`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`# Names`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`server_name_in_redirect off;`
			`server_names_hash_bucket_size 128;`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`# File types`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`include /etc/nginx/mime.types;`
			`default_type application/octet-stream;`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`# Security`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`ssl_buffer_size 8k;`
			`ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA,DHE-DSS-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA256,DHE-DSS-AES256-SHA256,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA";`
			`ssl_dhparam /etc/nginx/dhparam;`
			`ssl_ecdh_curve secp384r1;`
			`ssl_prefer_server_ciphers on;`
nginx/configure/tls1.3 2019-08-04 15:37:37 +00:00			`ssl_protocols TLSv1.3 TLSv1.2;`
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`ssl_session_cache shared:ssl_session_cache:16m;`
			`ssl_session_timeout 15m;`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`# Log`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`access_log /var/log/nginx/access.log;`
			`error_log /var/log/nginx/error.log;`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`# Compression`
content 2017-12-02 22:02:37 +00:00
nginx/configure/compression 2019-08-04 15:30:39 +00:00			`gzip off;`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`# Misc`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:26:56 +00:00			`add_header Strict-Transport-Security max-age=31557600;`
			`client_max_body_size 16m;`
			`index index.html;`
			`proxy_pass_request_body on;`
			`proxy_pass_request_headers on;`
			`proxy_redirect off;`

			`# Includes`

			`include /etc/nginx/sites-enabled/*;`
content 2017-12-02 22:02:37 +00:00
nginx/configure/unindent 2019-08-04 15:23:42 +00:00			`}`