user www-data;
worker_processes 2;
pid /run/nginx.pid;
pcre_jit on;
worker_rlimit_nofile 30000;
worker_shutdown_timeout 1m;
events {
worker_connections 7680;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
aio threads;
aio_write on;
directio 512;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
client_max_body_size 50M;
client_body_timeout 10s;
client_header_timeout 10s;
client_body_buffer_size 32k;
server_names_hash_bucket_size 128;
server_names_hash_max_size 1024;
server_name_in_redirect off;
port_in_redirect off;
charset UTF-8;
index index.html index.htm index.php;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve X448:X25519:secp521r1:secp384r1;
ssl_ciphers HIGH:!PSK:!aNULL:!MD5:!SHA:!CAMELLIA:!AES+SHA256:!AES+SHA384;
ssl_session_cache off;
ssl_early_data off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_certificate /etc/acme.sh/danwin1210.de_ecc/fullchain.cer;
ssl_certificate_key /etc/acme.sh/danwin1210.de_ecc/danwin1210.de.key;
ssl_dhparam /etc/nginx/dh4096.pem;
##
# Logging Settings
##
log_format custom '0.0.0.0 - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log custom buffer=32k flush=1m;
error_log /var/log/nginx/error.log notice;
log_not_found off;
resolver 127.0.0.1 [::1];
resolver_timeout 2s;
root /var/www/html;
map $http_upgrade $connection_upgrade {
default upgrade;
'' '';
}
proxy_http_version 1.1;
proxy_buffer_size 8k;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_ignore_client_abort on;
proxy_read_timeout 3600; #wait up to 60 minutes for e.g. database import
##
# Gzip Settings
##
gzip on;
gzip_vary on;
gzip_proxied off;
gzip_comp_level 9;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
gzip_types application/eot application/font application/font-woff application/font-sfnt application/json application/javascript application/javascript-binast application/ld+json application/manifest+json application/opentype application/otf application/truetype application/ttf application/wasm application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-ttf application/xml application/xml+rss application/vnd.api+json application/vnd.ms-fontobject application/x-protobuf application/xhtml+xml font/otf font/ttf font/x-woff image/svg+xml image/vnd.microsoft.icon image/x-icon multipart/bag multipart/mixed text/css text/javascript text/js text/plain text/richtext text/x-script text/x-component text/x-java-source text/x-markdown text/xml;
brotli on;
brotli_types application/eot application/font application/font-woff application/font-sfnt application/json application/javascript application/javascript-binast application/ld+json application/manifest+json application/opentype application/otf application/truetype application/ttf application/wasm application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-ttf application/xml application/xml+rss application/vnd.api+json application/vnd.ms-fontobject application/x-protobuf application/xhtml+xml font/otf font/ttf font/x-woff image/svg+xml image/vnd.microsoft.icon image/x-icon multipart/bag multipart/mixed text/css text/javascript text/js text/plain text/richtext text/x-script text/x-component text/x-java-source text/x-markdown text/xml;
##
# Virtual Host Configs
##
map $sent_http_content_type $expires {
default off;
~image/ 10d;
~video/ 10d;
~audio/ 10d;
~font/ 10d;
~application/(x-)?font 10d;
text/css 10d;
application/javascript 10d;
}
expires $expires;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}