UniqueSoft/openpanel
2
0
Fork 0
mirror of https://github.com/stefanpejcic/openpanel synced 2025-06-26 18:28:26 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
bd93b1e431
openpanel/configuration/nginx/nginx.conf
Stefan Pejcic ae4c612987 no packages and conf copied
2024-09-18 16:27:40 +02:00

155 lines
4.5 KiB
Nginx Configuration File
Raw Blame History

#user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
worker_rlimit_nofile 65535;
events {
worker_connections 10000;
# multi_accept on;
}
http {
##
# Main
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 180s;
client_body_timeout 180s;
client_header_buffer_size 2k;
client_body_buffer_size 256k;
client_max_body_size 1024m;
large_client_header_buffers 4 8k;
send_timeout 60s;
keepalive_timeout 30s;
keepalive_requests 1000;
reset_timedout_connection on;
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
server_name_in_redirect off;
server_names_hash_max_size 512;
server_names_hash_bucket_size 512;
charset utf-8;
##
# Proxy
##
proxy_buffers 256 4k;
proxy_buffer_size 32k;
proxy_busy_buffers_size 56k;
proxy_temp_file_write_size 256k;
proxy_connect_timeout 30s;
proxy_read_timeout 300s;
proxy_send_timeout 180s;
set_real_ip_from 172.16.0.0/12;
real_ip_header X-Forwarded-For;
proxy_hide_header X-Powered-By;
##
# Limits
#
limit_conn_zone $server_name zone=perserver:100m;
limit_conn_status 503;
limit_req_zone $binary_remote_addr zone=one:100m rate=500r/s;
limit_req zone=one burst=100;
types_hash_max_size 2048;
##
# Mime
##
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
##
# Logging
##
log_not_found off;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Compression
##
gzip on;
gzip_vary on;
gzip_static on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 128 4k;
gzip_http_version 1.1;
gzip_min_length 1024;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
##
# Cloudflare
##
#include /etc/openpanel/nginx/cloudflare.inc;
##
# SSL PCI compliance
##
#ssl_buffer_size 1369;
#ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256";
#ssl_dhparam /etc/ssl/dhparam.pem;
#ssl_early_data on;
#ssl_ecdh_curve auto;
#ssl_prefer_server_ciphers on;
#ssl_protocols TLSv1.2 TLSv1.3;
#ssl_session_cache shared:SSL:20m;
#ssl_session_tickets on;
#ssl_session_timeout 7d;
#resolver 1.0.0.1 8.8.4.4 1.1.1.1 8.8.8.8 valid=300s ipv6=off;
#resolver_timeout 5s;
##
# Bypass
##
map $http_cookie $no_cache {
default 0;
~SESS 1;
~wordpress_logged_in 1;
}
##
# Wildcard include
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Reference in New Issue View Git Blame Copy Permalink