Random Nginx Configs

From jrgnsn.net Wiki
Jump to navigation Jump to search

nginx.conf:

 1 user www-data;
 2 worker_processes auto;
 3 pid /run/nginx.pid;
 4 include /etc/nginx/modules-enabled/*.conf;
 5 
 6 events {
 7 	worker_connections 768;
 8 	# multi_accept on;
 9 }
10 
11 http {
12 
13 	##
14 	# Basic Settings
15 	##
16 
17 	sendfile on;
18 	tcp_nopush on;
19 	tcp_nodelay on;
20 	keepalive_timeout 65;
21 	types_hash_max_size 2048;
22 	# server_tokens off;
23 
24 	# server_names_hash_bucket_size 64;
25 	# server_name_in_redirect off;
26 
27 	include /etc/nginx/mime.types;
28 	default_type application/octet-stream;
29 
30 	##
31 	# SSL Settings
32 	##
33 
34 	ssl_protocols TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
35 	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
36 	ssl_prefer_server_ciphers on;
37 
38 	ssl_dhparam /etc/nginx/dhparams.pem;
39 
40 	##
41 	# Logging Settings
42 	##
43 
44 	access_log /var/log/nginx/access.log;
45 	error_log /var/log/nginx/error.log;
46 
47 	##
48 	# Gzip Settings
49 	##
50 
51 	gzip on;
52 	gzip_disable "msie6";
53 
54 	# gzip_vary on;
55 	# gzip_proxied any;
56 	# gzip_comp_level 6;
57 	# gzip_buffers 16 8k;
58 	# gzip_http_version 1.1;
59 	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
60 
61 	##
62 	# Virtual Host Configs
63 	##
64 
65 	include /etc/nginx/conf.d/*.conf;
66 	include /etc/nginx/sites-enabled/*;
67 }
68 
69 
70 #mail {
71 #	# See sample authentication script at:
72 #	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
73 # 
74 #	# auth_http localhost/auth.php;
75 #	# pop3_capabilities "TOP" "USER";
76 #	# imap_capabilities "IMAP4rev1" "UIDPLUS";
77 # 
78 #	server {
79 #		listen     localhost:110;
80 #		protocol   pop3;
81 #		proxy      on;
82 #	}
83 # 
84 #	server {
85 #		listen     localhost:143;
86 #		protocol   imap;
87 #		proxy      on;
88 #	}
89 #}

share.jrgnsn.net.conf:

 1 server {
 2 
 3     server_name share.jrgnsn.net;
 4     root /var/www/share.jrgnsn.net;
 5     index index.html index.htm;
 6 
 7     location / {
 8         try_files $uri $uri/ =404;
 9         autoindex on;
10         autoindex_exact_size off;
11         autoindex_localtime on;
12     }
13     location /secret {
14         auth_basic              "These files are secret!";
15         auth_basic_user_file    /etc/apache2/share.htpasswd;
16     }
17 
18     listen [::]:443 ssl ipv6only=on; # managed by Certbot
19     listen 443 ssl; # managed by Certbot
20     ssl_certificate /etc/letsencrypt/live/jrgnsn.net/fullchain.pem; # managed by Certbot
21     ssl_certificate_key /etc/letsencrypt/live/jrgnsn.net/privkey.pem; # managed by Certbot
22     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
23     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
24 
25 
26 }
27 server {
28     if ($host = share.jrgnsn.net) {
29         return 301 https://$host$request_uri;
30     } # managed by Certbot
31 
32 
33     listen 80;
34     listen [::]:80;
35 
36     server_name share.jrgnsn.net;
37     return 404; # managed by Certbot
38 
39 
40 }

See also