blob: c7b8abb3615bc99a871efc6e0147e9c72b660d9c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
user http;
# Automatically determine how many cores to use:
worker_processes auto;
worker_cpu_affinity auto;
events {
# If you want to change this limit, be sure to set LimitNOFILE in the corresponding service:
worker_connections 1000;
}
http {
passenger_root /usr/lib/passenger;
passenger_ruby /usr/bin/ruby;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log;
passenger_log_file /var/log/nginx/passenger.log;
sendfile on;
#tcp_nopush on;
# 2 minutes, avoids SSL handshakes.
keepalive_timeout 120;
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_proxied any;
gzip_types image/svg+xml application/json application/javascript;
client_body_buffer_size 16M;
client_max_body_size 128M;
# Only support modern SSL protocols:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# We cache session parameters for up to 10 minutes. Shared across workers.
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
# We prefer to use only the ciphers we specify:
ssl_prefer_server_ciphers on;
# Some older browsers still require RC4... ugh.
# ssl_ciphers HIGH:!aNULL:!MD5:!DSS:!RC4;
ssl_dhparam /etc/nginx/dhparam.pem;
include sites/*;
server {
listen 80 default_server;
server_name _;
# Redirect all incoming requests which aren't handled by another server:
# rewrite ^ http://www.domain.com permanent;
}
}
|