user www-data; worker_processes auto; # Lets Nginx determine the number of cores available, disks, server load, and network subsystem worker_rlimit_nofile 20960; # Limit on the maximum number of open files for worker processes. pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 1024; # Number of simultaneous connections that can be opened by a worker. Default is 512 multi_accept on; # Allows a worker to accept many connections in the queue at a time use epoll; # Uses epoll as method to process a connection from the client epoll_events 512; # Number of events Nginx will transfer to the kernel } http { ## # Headers ## add_header X-Frame-Options SAMEORIGIN; # Blocks the browser from rendering the page inside an frame or iframe, unless it's from the same domain add_header X-XSS-Protection "1; mode=block"; # Forces browser to use XSS filter ## # Basic Settings ## sendfile on; tcp_nopush on; # Allows all data to be sent at once tcp_nodelay on; # Adds packets to each other and sends them all at once keepalive_timeout 30s; # Keep connections alive for about 30 seconds. The default is 65 seconds. Reduced time to avoide wasting resources keepalive_requests 30; # Number of requests to keep alive for a specific period of time. 20 or 30 send_timeout 30s; # Sets a timeout for transmitting data to the client types_hash_max_size 4096; charset utf-8; server_tokens off; # Disables sending Nginx version number in error pages and server header server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## # Logging Settings ## access_log /var/log/nginx/access.log combined; # Logs accesses to access.log using the combined format error_log /var/log/nginx/error.log warn; # Logs errors to warn.log using the warn format ## # Gzip Settings ## gzip on; # Enables Gzip gzip_vary on; # Adds header field Vary:Accept Encoding to the response gzip_proxied any; # Enables compression for all proxied requests gzip_comp_level 2; # Compression level, between 1 - 9 (the higher, the more resource-consuming) gzip_buffers 16 8k; # Number and size of buffers used to compress a response gzip_http_version 1.1; # Minimum HTTP version of a request for a compressed response gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; # File types affected by the compression gzip_min_length 1000; # Minimum response length ## # Cache Settings ## open_file_cache max=1000 inactive=30s; # Maximum number of elements in the cache, and time after which an element is removed from the cache if it has not been accessed during this time; by default, it is 60 seconds open_file_cache_valid 30s; # Valid period after which the information related to files and directories is re-validated again open_file_cache_min_uses 4; # Minimum number of file accesses during the period configured by the inactive parameter of the open_file_cache directive, required for a file descriptor to remain open in the cache. open_file_cache_errors on; # Enables caching of errors ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; ## # Default Server Settings For Invalid Domains ## server { # The default_server option should only be present in this configuration file listen 80 default_server; listen [::]:80 default_server; # Matches any invalid domain or the server's IP server_name _; # Closes connection with no response if attempted to connect to the above return 444; } } # mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # server { # listen localhost:110; # protocol pop3; # proxy on; # } # server { # listen localhost:143; # protocol imap; # proxy on; # } # }