kekk
This commit is contained in:
parent
966df32064
commit
21cc313e49
|
|
@ -1,4 +1,3 @@
|
||||||
|
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
worker_rlimit_nofile 65535;
|
worker_rlimit_nofile 65535;
|
||||||
|
|
||||||
|
|
@ -22,6 +21,7 @@ stream {
|
||||||
|
|
||||||
http {
|
http {
|
||||||
|
|
||||||
|
# Basic Settings
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
sendfile on;
|
sendfile on;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
|
|
@ -31,6 +31,9 @@ http {
|
||||||
types_hash_max_size 4096;
|
types_hash_max_size 4096;
|
||||||
types_hash_bucket_size 64;
|
types_hash_bucket_size 64;
|
||||||
|
|
||||||
|
# Virtual Host Configs
|
||||||
|
include /etc/nginx/sites-enabled/*.conf;
|
||||||
|
|
||||||
# MIME
|
# MIME
|
||||||
include mime.types;
|
include mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
|
|
@ -44,14 +47,32 @@ http {
|
||||||
ssl_session_cache shared:MozSSL:10m;
|
ssl_session_cache shared:MozSSL:10m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
|
|
||||||
# Diffie-Hellman parameter for DHE ciphersuites
|
# Diffie-Hellman parameter for DHE ciphersuites
|
||||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
ssl_dhparam /etc/nginx/dhparam.pem;
|
||||||
|
|
||||||
# OCSP Stapling
|
# HTTP2 Settings
|
||||||
#ssl_stapling on;
|
http2_max_field_size 64k;
|
||||||
#ssl_stapling_verify on;
|
http2_max_header_size 512k;
|
||||||
|
|
||||||
# Connection header for WebSocket reverse proxy
|
# DDOS Protection
|
||||||
|
limit_conn_zone $binary_remote_addr zone=perip:10m;
|
||||||
|
limit_conn perip 100;
|
||||||
|
|
||||||
|
limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
|
||||||
|
limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
|
||||||
|
|
||||||
|
# reset timed out connections freeing ram
|
||||||
|
reset_timedout_connection on;
|
||||||
|
# maximum time between packets the client can pause when sending nginx any data
|
||||||
|
client_body_timeout 10s;
|
||||||
|
# maximum time the client has to send the entire header to nginx
|
||||||
|
client_header_timeout 10s;
|
||||||
|
# timeout which a single keep-alive client connection will stay open
|
||||||
|
keepalive_timeout 65s;
|
||||||
|
# maximum time between packets nginx is allowed to pause when sending the client data
|
||||||
|
send_timeout 10s;
|
||||||
|
|
||||||
|
# Connection header for WebSocket reverse proxy
|
||||||
map $http_upgrade $connection_upgrade {
|
map $http_upgrade $connection_upgrade {
|
||||||
default upgrade;
|
default upgrade;
|
||||||
"" close;
|
"" close;
|
||||||
|
|
@ -78,8 +99,4 @@ http {
|
||||||
default "$proxy_forwarded_elem";
|
default "$proxy_forwarded_elem";
|
||||||
}
|
}
|
||||||
|
|
||||||
# Include sites-enabled and config
|
|
||||||
# include /etc/nginx/conf.d/*.conf;
|
|
||||||
include /etc/nginx/sites-enabled/*;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue