user www-data; worker_processes auto; worker_rlimit_core 100000; worker_rlimit_nofile 100000; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 20000; multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; server_tokens off; reset_timedout_connection on; send_timeout 30; keepalive_timeout 30; keepalive_requests 100000; client_body_buffer_size 32k; client_max_body_size 50m; client_body_timeout 30; client_header_timeout 30; open_file_cache max=1000 inactive=10s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; types_hash_max_size 2048; server_names_hash_max_size 2048; server_names_hash_bucket_size 64; # server_name_in_redirect off; limit_req_status 403; limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; limit_req_zone $binary_remote_addr zone=wp:10m rate=5r/s; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1.2 TLSv1.3; ssl_buffer_size 4k; ssl_session_tickets off; ssl_session_timeout 1h; ssl_session_cache shared:SSL:50m; ssl_dhparam /etc/ssl/dhparam.pem; ssl_ecdh_curve prime256v1:secp384r1:secp521r1; ssl_prefer_server_ciphers on; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256'; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; open_log_file_cache max=1000 inactive=30s valid=1m; log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] ' '$http_host "$request" $status $body_bytes_sent $request_time ' '"$http_referer" "$http_user_agent"'; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_min_length 256; gzip_http_version 1.1; gzip_types application/atom+xml application/geo+json application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/eot font/opentype font/otf font/ttf image/bmp image/svg+xml image/x-icon text/cache-manifest text/calendar text/css text/javascript text/markdown text/plain text/xml text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #}