diff options
author | Aaron LI <aly@aaronly.me> | 2018-03-05 19:27:06 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 11:35:08 +0800 |
commit | d9b877957c52789e494aeee1ffd4d3128dd9e597 (patch) | |
tree | a1ad213d957d789473b4de2a444efc6ee5a47cc2 /roles/web/files/nginx/nginx.conf | |
parent | de51948fd19f05dbeb4eb5ea0cfd6bc46713abd1 (diff) | |
download | ansible-dfly-vps-d9b877957c52789e494aeee1ffd4d3128dd9e597.tar.bz2 |
web: create files/{acme,nginx} to organize files better
Diffstat (limited to 'roles/web/files/nginx/nginx.conf')
-rw-r--r-- | roles/web/files/nginx/nginx.conf | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/roles/web/files/nginx/nginx.conf b/roles/web/files/nginx/nginx.conf new file mode 100644 index 0000000..760ca02 --- /dev/null +++ b/roles/web/files/nginx/nginx.conf @@ -0,0 +1,94 @@ +# +# /usr/local/etc/nginx/nginx.conf +# DragonFly BSD +# +# +# References +# ---------- +# * A Guide to Caching with NGINX and NGINX Plus +# https://www.nginx.com/blog/nginx-caching-guide/ +# * Reverse Proxy with Caching +# https://www.nginx.com/resources/wiki/start/topics/examples/reverseproxycachingexample/ +# * Compression and Decompression +# https://www.nginx.com/resources/admin-guide/compression-and-decompression/ +# * Nginx location priority +# https://stackoverflow.com/a/5238430/4856091 +# * Nginx add_header configuration pitfall +# https://blog.g3rt.nl/nginx-add_header-pitfall.html +# +# Tools +# ----- +# * Qualys SSL Labs SSL Server Test +# https://www.ssllabs.com/ssltest/ +# * Security Headers Analyzer +# https://securityheaders.io/ +# * KeyCDN HTTP/2 Test +# https://tools.keycdn.com/http2-test +# +# +# Aaron LI +# 2017-04-16 +# + +worker_processes 1; + +events { + worker_connections 1024; +} + + +http { + include mime.types; + default_type application/octet-stream; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + + # Compression + gzip on; + gzip_types text/plain application/xml; # text/html always compressed + gzip_proxied no-cache no-store private expired auth; + gzip_min_length 1000; + + # Don't show the Nginx version number (in error pages / headers) + server_tokens off; + + # SSL/TLS settings + include conf.d/ssl.conf; + + # Security headers + # + # WARNING: The "add_header" directive (and some others) are inherited + # from the *previous* level *IF AND ONLY IF* there are NO + # "add_header" directives defined on the *current* level. + # Such behavior leads to the *pitfall* that the added headers + # may get *cleared*! In consequence, this common header + # configuration file *must* be included within every context + # that has "add_header" directives! + # + include conf.d/security_headers.conf; + + # Proxy Caching + # + # This setup a cache zone named "CACHE" given 10 MB for metadata storage, + # maximum 1 GB for cached contents which will be cleared after 24 hours + # without access. + # + # NOTE: The `proxy_cache_path` directive must be placed in `http` context. + # + # NOTE: The caching is not efficient since the traffic is rather low. + # So disable caching to save a bit memory. + # + #proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m + # inactive=24h max_size=1g use_temp_path=off; + #proxy_cache_valid 200 302 60m; + #proxy_cache_valid any 1m; + #proxy_cache_use_stale error timeout invalid_header updating + # http_500 http_502 http_503 http_504; + #add_header X-Cache-Status $upstream_cache_status; + + # Site-specific settings + include sites/*.conf; +} |