121 lines
2.6 KiB
Nginx Configuration File
121 lines
2.6 KiB
Nginx Configuration File
# /etc/nginx/nginx.conf
|
|
|
|
# load dynamic modules
|
|
load_module /usr/lib/nginx/modules/ngx_http_cookie_flag_filter_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_stream_geoip2_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;
|
|
|
|
# run in foreground
|
|
daemon off;
|
|
|
|
# PID file
|
|
pid /tmp/nginx.pid;
|
|
|
|
# worker number = CPU core(s)
|
|
worker_processes auto;
|
|
|
|
# faster regexp
|
|
pcre_jit on;
|
|
|
|
# config files for dynamic modules
|
|
include /etc/nginx/modules/*.conf;
|
|
|
|
# max open files for each worker
|
|
worker_rlimit_nofile %WORKER_RLIMIT_NOFILE%;
|
|
|
|
events {
|
|
# max connections per worker
|
|
worker_connections %WORKER_CONNECTIONS%;
|
|
|
|
# epoll seems to be the best on Linux
|
|
use epoll;
|
|
}
|
|
|
|
http {
|
|
# zero copy within the kernel
|
|
sendfile on;
|
|
|
|
# send packets only if filled
|
|
tcp_nopush on;
|
|
|
|
# remove 200ms delay
|
|
tcp_nodelay on;
|
|
|
|
# load mime types and set default one
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# write logs to local syslog
|
|
log_format logf '%LOG_FORMAT%';
|
|
access_log /var/log/access.log logf;
|
|
error_log /var/log/error.log %LOG_LEVEL%;
|
|
|
|
# temp paths
|
|
proxy_temp_path /tmp/proxy_temp;
|
|
client_body_temp_path /tmp/client_temp;
|
|
fastcgi_temp_path /tmp/fastcgi_temp;
|
|
uwsgi_temp_path /tmp/uwsgi_temp;
|
|
scgi_temp_path /tmp/scgi_temp;
|
|
|
|
# close connections in FIN_WAIT1 state
|
|
reset_timedout_connection on;
|
|
|
|
# timeouts
|
|
client_body_timeout 10;
|
|
client_header_timeout 10;
|
|
keepalive_timeout 15;
|
|
send_timeout 10;
|
|
|
|
# resolvers to use
|
|
resolver %DNS_RESOLVERS% ipv6=off;
|
|
|
|
# remove ports when sending redirects
|
|
port_in_redirect off;
|
|
|
|
# lua path and dicts
|
|
lua_package_path "/usr/local/lib/lua/?.lua;;";
|
|
%WHITELIST_IP_CACHE%
|
|
%WHITELIST_REVERSE_CACHE%
|
|
%BLACKLIST_IP_CACHE%
|
|
%BLACKLIST_REVERSE_CACHE%
|
|
%DNSBL_CACHE%
|
|
%BLOCK_PROXIES%
|
|
%BLOCK_ABUSERS%
|
|
%BLOCK_TOR_EXIT_NODES%
|
|
%BLOCK_USER_AGENTS%
|
|
%BLOCK_REFERRERS%
|
|
%BAD_BEHAVIOR%
|
|
|
|
# shared memory zone for limit_req
|
|
%LIMIT_REQ_ZONE%
|
|
|
|
# shared memory zone for limit_conn
|
|
%LIMIT_CONN_ZONE%
|
|
|
|
# whitelist or blacklist country
|
|
%USE_COUNTRY%
|
|
|
|
# zone for proxy_cache
|
|
%PROXY_CACHE_PATH%
|
|
|
|
# custom http confs
|
|
include /http-confs/*.conf;
|
|
|
|
# LUA init block
|
|
include /etc/nginx/init-lua.conf;
|
|
|
|
# default server when MULTISITE=yes
|
|
%MULTISITE_DEFAULT_SERVER%
|
|
|
|
# server config(s)
|
|
%INCLUDE_SERVER%
|
|
|
|
# API
|
|
%USE_API%
|
|
}
|