Skip to content

Commit 67c03d3

Browse files
ScIT-RaphaelScIT-Raphael
authored
Updated Hestia nginx.conf
2 parents af02f75 + 5888383 commit 67c03d3

File tree

1 file changed

+44
-39
lines changed

1 file changed

+44
-39
lines changed

src/deb/nginx/nginx.conf

Lines changed: 44 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -1,107 +1,112 @@
11
user admin;
22
worker_processes 1;
3+
worker_rlimit_nofile 65535;
34
error_log /usr/local/hestia/log/nginx-error.log;
45
pid /var/run/hestia-nginx.pid;
56

67
events {
78
worker_connections 128;
89
use epoll;
10+
multi_accept on;
911
}
1012

1113
http {
1214
# Main settings
1315
sendfile on;
1416
tcp_nopush on;
1517
tcp_nodelay on;
16-
client_header_timeout 1m;
17-
client_body_timeout 3m;
18+
client_header_timeout 180s;
19+
client_body_timeout 180s;
1820
client_header_buffer_size 2k;
1921
client_body_buffer_size 256k;
2022
client_max_body_size 256m;
21-
large_client_header_buffers 4 8k;
22-
send_timeout 30;
23-
keepalive_timeout 60 60;
23+
large_client_header_buffers 4 8k;
24+
send_timeout 60s;
25+
keepalive_timeout 30s;
26+
keepalive_requests 100000;
2427
reset_timedout_connection on;
2528
server_tokens off;
2629
server_name_in_redirect off;
2730
server_names_hash_max_size 512;
2831
server_names_hash_bucket_size 512;
29-
32+
charset utf-8;
33+
34+
fastcgi_buffers 4 256k;
35+
fastcgi_buffer_size 256k;
36+
fastcgi_busy_buffers_size 256k;
37+
fastcgi_temp_file_write_size 256k;
38+
fastcgi_connect_timeout 30s;
39+
fastcgi_read_timeout 300s;
40+
fastcgi_send_timeout 180s;
41+
42+
proxy_redirect off;
43+
proxy_set_header Host $host;
44+
proxy_set_header X-Real-IP $remote_addr;
45+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
46+
proxy_pass_header Set-Cookie;
47+
proxy_buffers 32 4k;
48+
proxy_connect_timeout 30s;
49+
proxy_read_timeout 300s;
50+
proxy_send_timeout 180s;
3051

3152
# Log format
3253
log_format main '$remote_addr - $remote_user [$time_local] $request '
3354
'"$status" $body_bytes_sent "$http_referer" '
3455
'"$http_user_agent" "$http_x_forwarded_for"';
3556
log_format bytes '$body_bytes_sent';
3657
access_log /usr/local/hestia/log/nginx-access.log main;
37-
38-
39-
# SSL PCI Compliance
40-
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1;
41-
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
42-
ssl_session_cache shared:SSL:10m;
43-
ssl_prefer_server_ciphers on;
44-
45-
58+
4659
# Mime settings
4760
include /usr/local/hestia/nginx/conf/mime.types;
4861
default_type application/octet-stream;
4962

50-
5163
# Compression
5264
gzip on;
53-
gzip_comp_level 9;
54-
gzip_min_length 512;
55-
gzip_buffers 8 64k;
56-
gzip_types text/plain text/css text/javascript
57-
application/x-javascript application/javascript;
65+
gzip_static on;
66+
gzip_vary on;
67+
gzip_comp_level 6;
68+
gzip_min_length 1024;
69+
gzip_buffers 16 8k;
70+
gzip_http_version 1.1;
71+
gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
5872
gzip_proxied any;
73+
gzip_disable "MSIE [1-6]\.";
5974

60-
61-
# Proxy settings
62-
proxy_redirect off;
63-
proxy_set_header Host $host;
64-
proxy_set_header X-Real-IP $remote_addr;
65-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
66-
proxy_pass_header Set-Cookie;
67-
proxy_connect_timeout 90;
68-
proxy_send_timeout 90;
69-
proxy_read_timeout 90;
70-
proxy_buffers 32 4k;
71-
fastcgi_read_timeout 300;
75+
# SSL PCI Compliance
76+
ssl_session_cache shared:SSL:10m;
77+
ssl_session_timeout 10m;
78+
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
79+
ssl_prefer_server_ciphers on;
80+
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
7281

7382
# Error pages
7483
error_page 403 /error/403.html;
7584
error_page 404 /error/404.html;
7685
error_page 502 503 504 /error/50x.html;
7786

78-
7987
# Vhost
8088
server {
8189
listen 8083 ssl;
8290
server_name _;
8391
root /usr/local/hestia/web;
84-
charset utf-8;
8592

8693
# Fix error "The plain HTTP request was sent to HTTPS port"
8794
error_page 497 https://$host:$server_port$request_uri;
8895

8996
ssl_certificate /usr/local/hestia/ssl/certificate.crt;
9097
ssl_certificate_key /usr/local/hestia/ssl/certificate.key;
91-
ssl_session_cache shared:SSL:10m;
92-
ssl_session_timeout 10m;
9398

9499
error_page 404 /error/404/index.html;
95100
error_page 403 /error/index.html;
96101
error_page 500 /error/index.html;
97102

98103
location / {
99-
expires max;
104+
expires 1d;
100105
index index.php;
101106
}
102107

103108
location /error/ {
104-
expires max;
109+
expires off;
105110
index index.html;
106111
}
107112

0 commit comments

Comments
 (0)