webinoly/templates/nginx/nginx.conf

# Webinoly (This configuration file is only for internal use)
#####################################################################################################
# Please, DO NOT MODIFY this file, all the changes will be lost.                                    #
# If you need to modify any of the existing rules, use the proper command as indicated in the docs. #
# If you need to add your own custom rules, you can create a custom file as indicated in the docs.  #
# Please, read the documentation: https://webinoly.com/documentation/                               #
#####################################################################################################

user www-data;
worker_processes auto;
worker_rlimit_core 100000;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 20000;
	multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	server_tokens off;
	reset_timedout_connection on;
	
	send_timeout 30;
	keepalive_timeout 30;
	keepalive_requests 100000;
	
	client_body_buffer_size 32k;
	client_max_body_size 50m;
	client_body_timeout 30;
	client_header_timeout 30;
	
	open_file_cache max=1000 inactive=10s;
	open_file_cache_valid 30s;
	open_file_cache_min_uses 2;
	open_file_cache_errors on;
	
	types_hash_max_size 2048;
	server_names_hash_max_size 2048;
	server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	limit_req_status 403;
	limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
	limit_req_zone $binary_remote_addr zone=wp:10m rate=5r/s;
	
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_buffer_size 4k;
	ssl_session_tickets off;
	ssl_session_timeout 1h;
	ssl_session_cache shared:SSL:50m;
	ssl_dhparam /etc/ssl/dhparam.pem;
	ssl_ecdh_curve X25519:prime256v1:secp384r1;
	ssl_prefer_server_ciphers off;
	ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
	
	##
	# Logging Settings
	##
	
	log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
		'$http_host "$request" $status $body_bytes_sent $request_time '
		'"$http_referer" "$http_user_agent"';

	log_format we_log_ext '$remote_addr - $remote_user [$time_local] "$request" '
		'$status $body_bytes_sent "$http_referer" '
		'"$http_user_agent" "$http_x_forwarded_for" '
		'"$host" sn="$server_name" '
		'rt=$request_time '
		'ua="$upstream_addr" us="$upstream_status" '
		'ut="$upstream_response_time" ul="$upstream_response_length" '
		'cs=$upstream_cache_status' ;
	
	include /etc/nginx/conf.d/*.conf.log;
	open_log_file_cache max=1000 inactive=30s valid=1m;
	
	access_log /var/log/nginx/access.log we_log;
	error_log /var/log/nginx/error.log;
	

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_min_length 256;
	gzip_http_version 1.1;
	gzip_types
		application/atom+xml
		application/geo+json
		application/javascript
		application/x-javascript
		application/json
		application/ld+json
		application/manifest+json
		application/rdf+xml
		application/rss+xml
		application/vnd.ms-fontobject
		application/wasm
		application/x-font-ttf
		application/x-web-app-manifest+json
		application/xhtml+xml
		application/xml
		font/eot
		font/opentype
		font/otf
		font/ttf
		image/bmp
		image/svg+xml
		image/x-icon
		text/cache-manifest
		text/calendar
		text/css
		text/javascript
		text/markdown
		text/plain
		text/xml
		text/vcard
		text/vnd.rim.location.xloc
		text/vtt
		text/x-component
		text/x-cross-domain-policy;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}