nginx.conf 1.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263
  1. user http;
  2. worker_processes auto;
  3. worker_cpu_affinity auto;
  4. events {
  5. multi_accept on;
  6. worker_connections 1024;
  7. }
  8. http {
  9. charset utf-8;
  10. sendfile on;
  11. tcp_nopush on;
  12. tcp_nodelay on;
  13. server_tokens off;
  14. log_not_found off;
  15. types_hash_max_size 2048;
  16. client_max_body_size 16M;
  17. server_names_hash_bucket_size 64;
  18. # Logging
  19. #access_log /var/log/nginx/access.log;
  20. #error_log /var/log/nginx/error.log;
  21. log_format main '$remote_addr - [$time_local] "$request" '
  22. '$status $body_bytes_sent "$http_referer" '
  23. '"$http_user_agent" $request_time '
  24. '$upstream_response_time $pipe';
  25. # Enable compression
  26. gzip on;
  27. gzip_disable "MSIE [1-6]\.";
  28. gzip_vary on;
  29. gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/rss+xml;
  30. # MIME
  31. include mime.types;
  32. default_type application/octet-stream;
  33. # X-XSS Protection
  34. add_header X-XSS-Protection "1; mode=block";
  35. # Add Strict-Transport-Security
  36. add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
  37. # X-Frame-Options
  38. add_header X-Frame-Options "DENY";
  39. # X-Content-Type-Options
  40. add_header X-Content-Type-Options nosniff;
  41. # X-Permitted-Cross-Domain-Policies
  42. add_header X-Permitted-Cross-Domain-Policies master-only;
  43. # Referrer-Policy
  44. add_header Referrer-Policy same-origin;
  45. # Content-Security-Policy
  46. add_header Content-Security-Policy "default-src 'self';";
  47. # load configs
  48. include /etc/nginx/conf.d/*.conf;
  49. include /etc/nginx/sites-enabled/*;
  50. }