summarylogtreecommitdiffstats
path: root/nginx.conf
blob: c7b8abb3615bc99a871efc6e0147e9c72b660d9c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

user http;

# Automatically determine how many cores to use:
worker_processes auto;
worker_cpu_affinity auto;

events {
	# If you want to change this limit, be sure to set LimitNOFILE in the corresponding service:
	worker_connections 1000;
}

http {
	passenger_root /usr/lib/passenger;
	passenger_ruby /usr/bin/ruby;

	include mime.types;
	default_type application/octet-stream;

	#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
	#          '$status $body_bytes_sent "$http_referer" '
	#          '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log /var/log/nginx/access.log;
	passenger_log_file /var/log/nginx/passenger.log;

	sendfile on;
	#tcp_nopush on;

	# 2 minutes, avoids SSL handshakes.
	keepalive_timeout 120;

	gzip on;
	gzip_vary on;
	gzip_comp_level 6;
	gzip_http_version 1.1;
	gzip_proxied any;
	gzip_types image/svg+xml application/json application/javascript;

	client_body_buffer_size 16M; 
	client_max_body_size 128M;

	# Only support modern SSL protocols:
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	
	# We cache session parameters for up to 10 minutes. Shared across workers.
	ssl_session_timeout 10m;
	ssl_session_cache shared:SSL:10m;
	
	# We prefer to use only the ciphers we specify:
	ssl_prefer_server_ciphers on;
	# Some older browsers still require RC4... ugh.
	# ssl_ciphers HIGH:!aNULL:!MD5:!DSS:!RC4;
	ssl_dhparam /etc/nginx/dhparam.pem;

	include sites/*;

	server {
		listen 80 default_server;
		server_name _;

		# Redirect all incoming requests which aren't handled by another server:
		# rewrite ^ http://www.domain.com permanent;
	}
}