# Main nginx configuration: process-level settings, the event loop, and
# http-wide defaults (TLS, logging, reverse-proxy headers, compression).
# Per-site server blocks are pulled in by the two include lines at the end
# of the http block, so every default below can be overridden there.

# Worker processes run as this unprivileged account.
user www-data;
worker_processes 2;
pid /run/nginx.pid;
pcre_jit on;
# Per-worker open-file limit; must cover worker_connections (client and
# upstream sockets) plus open files and logs.
worker_rlimit_nofile 30000;
# On graceful shutdown/reload, old workers close remaining connections after 1 minute.
worker_shutdown_timeout 1m;

events {
    worker_connections 7680;
    multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    aio threads;
    aio_write on;
    directio 512;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Do not reveal the nginx version in the Server header or on error pages.
    server_tokens off;
    # Request-size and slow-client limits: bodies above 50M are rejected, and a
    # client that stalls for 10s while sending headers or body is dropped.
    client_max_body_size 50M;
    client_body_timeout 10s;
    client_header_timeout 10s;
    client_body_buffer_size 32k;
    server_names_hash_bucket_size 128;
    server_names_hash_max_size 1024;
    # Redirects generated by nginx use the request's Host header and omit the
    # listening port, rather than the configured server_name and port.
    server_name_in_redirect off;
    port_in_redirect off;
    charset UTF-8;
    index index.html index.htm index.php;
    include /etc/nginx/mime.types;
    # Unknown file extensions are served as a download, not as a rendered type.
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    # Only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    # The server's cipher preference order wins over the client's.
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve X448:X25519:secp521r1:secp384r1;
    # OpenSSL cipher string: starts from HIGH and removes PSK, anonymous, MD5,
    # SHA-1-MAC, Camellia and the AES suites using SHA256/SHA384 as MAC.
    # NOTE(review): this string governs TLS 1.2 suites; TLS 1.3 suites are
    # selected by the TLS library's own defaults - confirm those are acceptable.
    ssl_ciphers HIGH:!PSK:!aNULL:!MD5:!SHA:!CAMELLIA:!AES+SHA256:!AES+SHA384;
    # Server-side session cache is prohibited: clients are told sessions may
    # not be reused from the cache.
    # NOTE(review): ssl_session_tickets is not set in this file, so nginx's
    # default (on) applies unless an included file changes it. If the intent
    # is to disable session resumption entirely, tickets need to be turned
    # off explicitly as well.
    ssl_session_cache off;
    # TLS 1.3 0-RTT stays disabled; early data can be replayed.
    ssl_early_data off;
    # OCSP stapling with verification of the stapled response. Fetching the
    # OCSP response relies on the resolver configured further down.
    # NOTE(review): no ssl_trusted_certificate is set here; confirm that
    # verification succeeds with the chain in fullchain.cer.
    ssl_stapling on;
    ssl_stapling_verify on;
    # Default certificate and key for every server block that does not set
    # its own.
    # NOTE(review): the key file should be readable only by the account that
    # starts nginx, not by www-data - verify the file mode.
    ssl_certificate /etc/acme.sh/danwin1210.de_ecc/fullchain.cer;
    ssl_certificate_key /etc/acme.sh/danwin1210.de_ecc/danwin1210.de.key;
    # Custom DH parameters for DHE key exchange.
    ssl_dhparam /etc/nginx/dh4096.pem;

    ##
    # Logging Settings
    ##
    # Access-log format with the literal 0.0.0.0 in the position where the
    # client address would normally go, so client IPs are not written to the
    # access log.
    # NOTE(review): "$request" is the full request line including the query
    # string, and "$http_referer" is logged as sent; tokens carried in URLs
    # still end up in the log. $remote_user records the HTTP basic-auth name.
    log_format custom '0.0.0.0 - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent"';
    # Buffered writes: entries reach disk when 32k accumulate or after 1 minute.
    access_log /var/log/nginx/access.log custom buffer=32k flush=1m;
    # NOTE(review): the custom format above applies to access_log only. Error
    # log messages are formatted by nginx itself and normally include the
    # client address, so this file is not anonymised by log_format.
    error_log /var/log/nginx/error.log notice;
    # Missing-file errors are not written to the error log.
    log_not_found off;
    # Name resolution goes through the resolver on the loopback addresses.
    resolver 127.0.0.1 [::1];
    resolver_timeout 2s;
    root /var/www/html;

    # $connection_upgrade is "upgrade" whenever the client sent any Upgrade
    # header and empty otherwise; it feeds the Connection header below.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' '';
    }

    # Reverse-proxy defaults.
    # NOTE(review): proxy_set_header values are inherited by a server or
    # location block only if that block defines no proxy_set_header of its
    # own. A vhost that adds a single proxy_set_header loses every header
    # set here, including the Proxy-header stripping, unless it repeats them.
    proxy_http_version 1.1;
    proxy_buffer_size 8k;
    # Responses are streamed to the client as they arrive from upstream.
    proxy_buffering off;
    proxy_set_header Host $host;
    # An empty value removes the header: a client-supplied "Proxy" request
    # header is not forwarded upstream (httpoxy mitigation).
    proxy_set_header Proxy "";
    proxy_set_header X-Forwarded-Proto $scheme;
    # Likewise removed, so a client-supplied X-Forwarded-Port never reaches upstream.
    proxy_set_header X-Forwarded-Port "";
    # NOTE(review): X-Forwarded-For and X-Real-IP are neither set nor cleared
    # here, so client-supplied values pass through unchanged. Upstreams
    # should not trust them unless a vhost overrides this.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    # The upstream request keeps running after the client disconnects.
    # Combined with the one-hour read timeout below, an abandoned request can
    # hold an upstream connection for up to an hour; rate limits, if needed,
    # have to be set in the vhost files.
    proxy_ignore_client_abort on;
    proxy_read_timeout 3600; # wait up to 60 minutes for e.g. database import

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_vary on;
    # No compression for requests that arrived through another proxy.
    gzip_proxied off;
    # Maximum compression level; highest CPU cost per response.
    gzip_comp_level 9;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # MIME types compressed in addition to text/html, which the gzip module
    # always compresses.
    # NOTE(review): compression is enabled over TLS for dynamic types (JSON,
    # XML, text/plain). Responses that mix secrets such as CSRF tokens with
    # request-controlled input are exposed to compression side channels
    # (BREACH); consider disabling compression on such locations.
    gzip_types application/eot application/font application/font-woff application/font-sfnt application/json application/javascript application/javascript-binast application/ld+json application/manifest+json application/opentype application/otf application/truetype application/ttf application/wasm application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-ttf application/xml application/xml+rss application/vnd.api+json application/vnd.ms-fontobject application/x-protobuf application/xhtml+xml font/otf font/ttf font/x-woff image/svg+xml image/vnd.microsoft.icon image/x-icon multipart/bag multipart/mixed text/css text/javascript text/js text/plain text/richtext text/x-script text/x-component text/x-java-source text/x-markdown text/xml;

    # Brotli compression with the same type list as gzip_types; the same
    # compression-over-TLS consideration applies.
    # NOTE(review): the brotli directives come from an add-on module and no
    # load_module line is visible in this file - presumably it is compiled
    # in; confirm, otherwise nginx will refuse to start.
    brotli on;
    brotli_types application/eot application/font application/font-woff application/font-sfnt application/json application/javascript application/javascript-binast application/ld+json application/manifest+json application/opentype application/otf application/truetype application/ttf application/wasm application/x-httpd-cgi application/x-javascript application/x-opentype application/x-otf application/x-perl application/x-ttf application/xml application/xml+rss application/vnd.api+json application/vnd.ms-fontobject application/x-protobuf application/xhtml+xml font/otf font/ttf font/x-woff image/svg+xml image/vnd.microsoft.icon image/x-icon multipart/bag multipart/mixed text/css text/javascript text/js text/plain text/richtext text/x-script text/x-component text/x-java-source text/x-markdown text/xml;

    ##
    # Virtual Host Configs
    ##
    # Cache lifetime chosen from the response Content-Type: media, fonts, CSS
    # and JavaScript get 10 days, everything else gets no Expires header.
    # Entries starting with "~" are regular-expression matches.
    map $sent_http_content_type $expires {
        default off;
        ~image/ 10d;
        ~video/ 10d;
        ~audio/ 10d;
        ~font/ 10d;
        ~application/(x-)?font 10d;
        text/css 10d;
        application/javascript 10d;
    }
    expires $expires;

    # Everything matched by these globs is loaded as configuration, so both
    # directories should be writable only by the administrator.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}