user www-data; worker_processes auto; pid /var/run/nginx.pid; worker_rlimit_nofile 65535; worker_priority -5; load_module /etc/nginx/modules/ngx_http_headers_more_filter_module.so; load_module /etc/nginx/modules/ngx_http_naxsi_module.so; load_module /etc/nginx/modules/ngx_http_echo_module.so; load_module /etc/nginx/modules/ndk_http_module.so; load_module /etc/nginx/modules/ngx_http_lua_module.so; load_module /etc/nginx/modules/ngx_http_brotli_filter_module.so; load_module /etc/nginx/modules/ngx_http_brotli_static_module.so; events { worker_connections 65535; multi_accept on; use epoll; } http { server_tokens off; more_clear_headers Server; sendfile on; tcp_nopush on; tcp_nodelay on; reset_timedout_connection on; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';" always; client_header_buffer_size 1k; large_client_header_buffers 4 8k; client_body_buffer_size 128k; client_max_body_size 20M; client_body_timeout 60s; client_header_timeout 60s; keepalive_timeout 65s; keepalive_requests 10000; send_timeout 30s; proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; proxy_redirect off; proxy_buffering on; proxy_buffer_size 4k; proxy_buffers 8 4k; proxy_busy_buffers_size 8k; proxy_temp_file_write_size 16k; lua_shared_dict blocked_cookies 10M; # Enhanced logging format #log_format detailed escape=json #'{' # '"timestamp": "$time_iso8601",' # '"remote_addr": "$remote_addr",' # '"http_x_forwarded_for": "$http_x_forwarded_for",' # '"upstream_addr": "$upstream_addr",' # '"connection": "$connection",' # '"connection_requests": "$connection_requests",' # '"request_time": "$request_time",' # '"upstream_response_time": "$upstream_response_time",' # '"upstream_connect_time": "$upstream_connect_time",' # '"status": "$status",' # '"upstream_status": "$upstream_status",' # '"body_bytes_sent": "$body_bytes_sent",' # '"request": "$request",' # '"http_user_agent": "$http_user_agent",' # '"cookies": "$http_cookie",' # '"ssl_protocol": "$ssl_protocol",' # '"ssl_cipher": "$ssl_cipher"' #'}'; # Use buffer for access log #access_log /var/log/nginx/access.log detailed buffer=32k flush=5s; #error_log /var/log/nginx/error.log warn; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/naxsi_core.rules; gzip on; gzip_vary on; gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml application/atom+xml image/svg+xml text/x-js text/x-cross-domain-policy application/x-font-ttf application/x-font-opentype application/vnd.ms-fontobject image/x-icon application/x-javascript text/x-component font/opentype font/ttf font/otf; gzip_proxied any; gzip_comp_level 6; gzip_min_length 256; gzip_disable "msie6"; brotli on; brotli_static on; brotli_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml application/atom+xml image/svg+xml text/x-js text/x-cross-domain-policy application/x-font-ttf application/x-font-opentype application/vnd.ms-fontobject image/x-icon application/x-javascript text/x-component font/opentype font/ttf font/otf; brotli_comp_level 6; brotli_min_length 256; # Include virtual hosts include /etc/nginx/sites-enabled/*; }