115 lines
2.5 KiB
Nginx Configuration File
115 lines
2.5 KiB
Nginx Configuration File
# /etc/nginx/nginx.conf
|
|
|
|
# load dynamic modules
|
|
load_module /usr/lib/nginx/modules/ngx_http_cookie_flag_filter_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_stream_geoip2_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;
|
|
|
|
# run as daemon
|
|
daemon on;
|
|
|
|
# PID file
|
|
pid /tmp/nginx.pid;
|
|
|
|
# worker number = CPU core(s)
|
|
worker_processes auto;
|
|
|
|
# faster regexp
|
|
pcre_jit on;
|
|
|
|
# config files for dynamic modules
|
|
include /etc/nginx/modules/*.conf;
|
|
|
|
events {
|
|
# max connections per worker
|
|
worker_connections 1024;
|
|
|
|
# epoll seems to be the best on Linux
|
|
use epoll;
|
|
}
|
|
|
|
http {
|
|
# zero copy within the kernel
|
|
sendfile on;
|
|
|
|
# send packets only if filled
|
|
tcp_nopush on;
|
|
|
|
# remove 200ms delay
|
|
tcp_nodelay on;
|
|
|
|
# load mime types and set default one
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# write logs to local syslog
|
|
log_format logf '%LOG_FORMAT%';
|
|
access_log syslog:server=unix:/dev/log,nohostname,facility=local0,severity=notice logf;
|
|
error_log syslog:server=unix:/dev/log,nohostname,facility=local0 warn;
|
|
|
|
# temp paths
|
|
proxy_temp_path /tmp/proxy_temp;
|
|
client_body_temp_path /tmp/client_temp;
|
|
fastcgi_temp_path /tmp/fastcgi_temp;
|
|
uwsgi_temp_path /tmp/uwsgi_temp;
|
|
scgi_temp_path /tmp/scgi_temp;
|
|
|
|
# close connections in FIN_WAIT1 state
|
|
reset_timedout_connection on;
|
|
|
|
# timeouts
|
|
client_body_timeout 12;
|
|
client_header_timeout 12;
|
|
keepalive_timeout 15;
|
|
send_timeout 10;
|
|
|
|
# resolvers to use
|
|
resolver %DNS_RESOLVERS% ipv6=off;
|
|
|
|
# remove ports when sending redirects
|
|
port_in_redirect off;
|
|
|
|
# lua path and dicts
|
|
lua_package_path "/usr/local/lib/lua/?.lua;;";
|
|
%WHITELIST_IP_CACHE%
|
|
%WHITELIST_REVERSE_CACHE%
|
|
%BLACKLIST_IP_CACHE%
|
|
%BLACKLIST_REVERSE_CACHE%
|
|
%DNSBL_CACHE%
|
|
|
|
# crowdsec init
|
|
%USE_CROWDSEC%
|
|
|
|
# shared memory zone for limit_req
|
|
%LIMIT_REQ_ZONE%
|
|
|
|
# shared memory zone for limit_conn
|
|
%LIMIT_CONN_ZONE%
|
|
|
|
# whitelist or blacklist country
|
|
%USE_COUNTRY%
|
|
|
|
# list of blocked user agents
|
|
%BLOCK_USER_AGENT%
|
|
|
|
# list of blocked referrers
|
|
%BLOCK_REFERRER%
|
|
|
|
# zone for proxy_cache
|
|
%PROXY_CACHE_PATH%
|
|
|
|
# custom http confs
|
|
include /http-confs/*.conf;
|
|
|
|
# default server when MULTISITE=yes
|
|
%MULTISITE_DEFAULT_SERVER%
|
|
|
|
# server config(s)
|
|
%INCLUDE_SERVER%
|
|
}
|