Skip to content

Commit 71f3a27

Browse files
ScIT-RaphaelScIT-Raphael
authored
Default Hestia nginx.conf
1 parent 0dd6bb0 commit 71f3a27

File tree

1 file changed

+128
-0
lines changed

1 file changed

+128
-0
lines changed

src/deb/nginx/nginx.conf

Lines changed: 128 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,128 @@
1+
user admin;
2+
worker_processes 1;
3+
error_log /usr/local/hestia/log/nginx-error.log;
4+
pid /var/run/hestia-nginx.pid;
5+
6+
events {
7+
worker_connections 128;
8+
use epoll;
9+
}
10+
11+
http {
12+
# Main settings
13+
sendfile on;
14+
tcp_nopush on;
15+
tcp_nodelay on;
16+
client_header_timeout 1m;
17+
client_body_timeout 3m;
18+
client_header_buffer_size 2k;
19+
client_body_buffer_size 256k;
20+
client_max_body_size 256m;
21+
large_client_header_buffers 4 8k;
22+
send_timeout 30;
23+
keepalive_timeout 60 60;
24+
reset_timedout_connection on;
25+
server_tokens off;
26+
server_name_in_redirect off;
27+
server_names_hash_max_size 512;
28+
server_names_hash_bucket_size 512;
29+
30+
31+
# Log format
32+
log_format main '$remote_addr - $remote_user [$time_local] $request '
33+
'"$status" $body_bytes_sent "$http_referer" '
34+
'"$http_user_agent" "$http_x_forwarded_for"';
35+
log_format bytes '$body_bytes_sent';
36+
access_log /usr/local/hestia/log/nginx-access.log main;
37+
38+
39+
# SSL PCI Compliance
40+
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
41+
ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
42+
ssl_session_cache shared:SSL:10m;
43+
ssl_prefer_server_ciphers on;
44+
45+
46+
# Mime settings
47+
include /usr/local/hestia/nginx/conf/mime.types;
48+
default_type application/octet-stream;
49+
50+
51+
# Compression
52+
gzip on;
53+
gzip_comp_level 9;
54+
gzip_min_length 512;
55+
gzip_buffers 8 64k;
56+
gzip_types text/plain text/css text/javascript
57+
application/x-javascript application/javascript;
58+
gzip_proxied any;
59+
60+
61+
# Proxy settings
62+
proxy_redirect off;
63+
proxy_set_header Host $host;
64+
proxy_set_header X-Real-IP $remote_addr;
65+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
66+
proxy_pass_header Set-Cookie;
67+
proxy_connect_timeout 90;
68+
proxy_send_timeout 90;
69+
proxy_read_timeout 90;
70+
proxy_buffers 32 4k;
71+
fastcgi_read_timeout 300;
72+
73+
# Error pages
74+
error_page 403 /error/403.html;
75+
error_page 404 /error/404.html;
76+
error_page 502 503 504 /error/50x.html;
77+
78+
79+
# Vhost
80+
server {
81+
listen 8083;
82+
server_name _;
83+
root /usr/local/hestia/web;
84+
charset utf-8;
85+
86+
# Fix error "The plain HTTP request was sent to HTTPS port"
87+
error_page 497 https://$host:$server_port$request_uri;
88+
89+
ssl on;
90+
ssl_certificate /usr/local/hestia/ssl/certificate.crt;
91+
ssl_certificate_key /usr/local/hestia/ssl/certificate.key;
92+
ssl_session_cache shared:SSL:10m;
93+
ssl_session_timeout 10m;
94+
95+
error_page 404 /error/404/index.html;
96+
error_page 403 /error/index.html;
97+
error_page 500 /error/index.html;
98+
99+
location / {
100+
expires max;
101+
index index.php;
102+
}
103+
104+
location /error/ {
105+
expires max;
106+
index index.html;
107+
}
108+
109+
location /rrd/ {
110+
expires off;
111+
internal;
112+
}
113+
114+
location /backup/ {
115+
root /;
116+
internal;
117+
}
118+
119+
location ~ \.php$ {
120+
include /usr/local/hestia/nginx/conf/fastcgi_params;
121+
fastcgi_param SCRIPT_FILENAME /usr/local/hestia/web/$fastcgi_script_name;
122+
fastcgi_param QUERY_STRING $query_string;
123+
fastcgi_pass unix:/var/run/hestia-php.sock;
124+
fastcgi_intercept_errors on;
125+
break;
126+
}
127+
}
128+
}

0 commit comments

Comments
 (0)