aboutsummaryrefslogtreecommitdiffstats
path: root/roles/web/files/nginx/nginx.conf
diff options
context:
space:
mode:
authorAaron LI <aly@aaronly.me>2018-03-05 19:27:06 +0800
committerAaron LI <aly@aaronly.me>2018-03-14 11:35:08 +0800
commitd9b877957c52789e494aeee1ffd4d3128dd9e597 (patch)
treea1ad213d957d789473b4de2a444efc6ee5a47cc2 /roles/web/files/nginx/nginx.conf
parentde51948fd19f05dbeb4eb5ea0cfd6bc46713abd1 (diff)
downloadansible-dfly-vps-d9b877957c52789e494aeee1ffd4d3128dd9e597.tar.bz2
web: create files/{acme,nginx} to organize files better
Diffstat (limited to 'roles/web/files/nginx/nginx.conf')
-rw-r--r--roles/web/files/nginx/nginx.conf94
1 files changed, 94 insertions, 0 deletions
diff --git a/roles/web/files/nginx/nginx.conf b/roles/web/files/nginx/nginx.conf
new file mode 100644
index 0000000..760ca02
--- /dev/null
+++ b/roles/web/files/nginx/nginx.conf
@@ -0,0 +1,94 @@
+#
+# /usr/local/etc/nginx/nginx.conf
+# DragonFly BSD
+#
+#
+# References
+# ----------
+# * A Guide to Caching with NGINX and NGINX Plus
+# https://www.nginx.com/blog/nginx-caching-guide/
+# * Reverse Proxy with Caching
+# https://www.nginx.com/resources/wiki/start/topics/examples/reverseproxycachingexample/
+# * Compression and Decompression
+# https://www.nginx.com/resources/admin-guide/compression-and-decompression/
+# * Nginx location priority
+# https://stackoverflow.com/a/5238430/4856091
+# * Nginx add_header configuration pitfall
+# https://blog.g3rt.nl/nginx-add_header-pitfall.html
+#
+# Tools
+# -----
+# * Qualys SSL Labs SSL Server Test
+# https://www.ssllabs.com/ssltest/
+# * Security Headers Analyzer
+# https://securityheaders.io/
+# * KeyCDN HTTP/2 Test
+# https://tools.keycdn.com/http2-test
+#
+#
+# Aaron LI
+# 2017-04-16
+#
+
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+
+ # Compression
+ gzip on;
+ gzip_types text/plain application/xml; # text/html always compressed
+ gzip_proxied no-cache no-store private expired auth;
+ gzip_min_length 1000;
+
+ # Don't show the Nginx version number (in error pages / headers)
+ server_tokens off;
+
+ # SSL/TLS settings
+ include conf.d/ssl.conf;
+
+ # Security headers
+ #
+ # WARNING: The "add_header" directive (and some others) are inherited
+ # from the *previous* level *IF AND ONLY IF* there are NO
+ # "add_header" directives defined on the *current* level.
+ # Such behavior leads to the *pitfall* that the added headers
+ # may get *cleared*! In consequence, this common header
+ # configuration file *must* be included within every context
+ # that has "add_header" directives!
+ #
+ include conf.d/security_headers.conf;
+
+ # Proxy Caching
+ #
+ # This setup a cache zone named "CACHE" given 10 MB for metadata storage,
+ # maximum 1 GB for cached contents which will be cleared after 24 hours
+ # without access.
+ #
+ # NOTE: The `proxy_cache_path` directive must be placed in `http` context.
+ #
+ # NOTE: The caching is not efficient since the traffic is rather low.
+ # So disable caching to save a bit memory.
+ #
+ #proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m
+ # inactive=24h max_size=1g use_temp_path=off;
+ #proxy_cache_valid 200 302 60m;
+ #proxy_cache_valid any 1m;
+ #proxy_cache_use_stale error timeout invalid_header updating
+ # http_500 http_502 http_503 http_504;
+ #add_header X-Cache-Status $upstream_cache_status;
+
+ # Site-specific settings
+ include sites/*.conf;
+}