Saturday, May 09, 2026 AM03:21:24 HKT
This commit is contained in:
+115
@@ -0,0 +1,115 @@
|
||||
user www-data;
|
||||
worker_processes auto;
|
||||
pid /var/run/nginx.pid;
|
||||
worker_rlimit_nofile 65535;
|
||||
worker_priority -5;
|
||||
|
||||
load_module /etc/nginx/modules/ngx_http_headers_more_filter_module.so;
|
||||
load_module /etc/nginx/modules/ngx_http_naxsi_module.so;
|
||||
load_module /etc/nginx/modules/ngx_http_echo_module.so;
|
||||
load_module /etc/nginx/modules/ndk_http_module.so;
|
||||
load_module /etc/nginx/modules/ngx_http_lua_module.so;
|
||||
load_module /etc/nginx/modules/ngx_http_brotli_filter_module.so;
|
||||
load_module /etc/nginx/modules/ngx_http_brotli_static_module.so;
|
||||
|
||||
events {
|
||||
worker_connections 65535;
|
||||
multi_accept on;
|
||||
use epoll;
|
||||
}
|
||||
|
||||
http {
|
||||
server_tokens off;
|
||||
more_clear_headers Server;
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
reset_timedout_connection on;
|
||||
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';" always;
|
||||
|
||||
client_header_buffer_size 1k;
|
||||
large_client_header_buffers 4 8k;
|
||||
|
||||
client_body_buffer_size 128k;
|
||||
client_max_body_size 20M;
|
||||
|
||||
client_body_timeout 60s;
|
||||
client_header_timeout 60s;
|
||||
keepalive_timeout 65s;
|
||||
keepalive_requests 10000;
|
||||
send_timeout 30s;
|
||||
|
||||
proxy_connect_timeout 60s;
|
||||
proxy_send_timeout 60s;
|
||||
proxy_read_timeout 60s;
|
||||
proxy_redirect off;
|
||||
proxy_buffering on;
|
||||
proxy_buffer_size 4k;
|
||||
proxy_buffers 8 4k;
|
||||
proxy_busy_buffers_size 8k;
|
||||
proxy_temp_file_write_size 16k;
|
||||
|
||||
lua_shared_dict blocked_cookies 10M;
|
||||
|
||||
# Enhanced logging format
|
||||
#log_format detailed escape=json
|
||||
#'{'
|
||||
# '"timestamp": "$time_iso8601",'
|
||||
# '"remote_addr": "$remote_addr",'
|
||||
# '"http_x_forwarded_for": "$http_x_forwarded_for",'
|
||||
# '"upstream_addr": "$upstream_addr",'
|
||||
# '"connection": "$connection",'
|
||||
# '"connection_requests": "$connection_requests",'
|
||||
# '"request_time": "$request_time",'
|
||||
# '"upstream_response_time": "$upstream_response_time",'
|
||||
# '"upstream_connect_time": "$upstream_connect_time",'
|
||||
# '"status": "$status",'
|
||||
# '"upstream_status": "$upstream_status",'
|
||||
# '"body_bytes_sent": "$body_bytes_sent",'
|
||||
# '"request": "$request",'
|
||||
# '"http_user_agent": "$http_user_agent",'
|
||||
# '"cookies": "$http_cookie",'
|
||||
# '"ssl_protocol": "$ssl_protocol",'
|
||||
# '"ssl_cipher": "$ssl_cipher"'
|
||||
#'}';
|
||||
|
||||
# Use buffer for access log
|
||||
#access_log /var/log/nginx/access.log detailed buffer=32k flush=5s;
|
||||
#error_log /var/log/nginx/error.log warn;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
include /etc/nginx/naxsi_core.rules;
|
||||
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_types text/plain text/css text/xml text/javascript
|
||||
application/json application/javascript application/xml+rss
|
||||
application/rss+xml application/atom+xml image/svg+xml
|
||||
text/x-js text/x-cross-domain-policy application/x-font-ttf
|
||||
application/x-font-opentype application/vnd.ms-fontobject
|
||||
image/x-icon application/x-javascript text/x-component
|
||||
font/opentype font/ttf font/otf;
|
||||
gzip_proxied any;
|
||||
gzip_comp_level 6;
|
||||
gzip_min_length 256;
|
||||
gzip_disable "msie6";
|
||||
|
||||
brotli on;
|
||||
brotli_static on;
|
||||
brotli_types text/plain text/css text/xml text/javascript
|
||||
application/json application/javascript application/xml+rss
|
||||
application/rss+xml application/atom+xml image/svg+xml
|
||||
text/x-js text/x-cross-domain-policy application/x-font-ttf
|
||||
application/x-font-opentype application/vnd.ms-fontobject
|
||||
image/x-icon application/x-javascript text/x-component
|
||||
font/opentype font/ttf font/otf;
|
||||
brotli_comp_level 6;
|
||||
brotli_min_length 256;
|
||||
|
||||
# Include virtual hosts
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
Reference in New Issue
Block a user