nginx config update

Author: Serghey Rodin

install/debian/7/nginx/nginx.conf

@@ -1,14 +1,16 @@
 # Server globals
 user                    www-data;
-worker_processes        2;
-error_log               /var/log/nginx/error.log;
+worker_processes        auto;
+worker_rlimit_nofile    65535;
+error_log               /var/log/nginx/error.log crit;
 pid                     /var/run/nginx.pid;
 
 
 # Worker config
 events {
         worker_connections  1024;
         use                 epoll;
+        multi_accept        on;
 }
 
 
@@ -37,7 +39,7 @@ http {
                         '"$status" $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for"';
     log_format  bytes   '$body_bytes_sent';
-    #access_log          /var/log/nginx/access.log  main;
+    #access_log          /var/log/nginx/access.log main;
     access_log off;
 
 
@@ -51,9 +53,9 @@ http {
     gzip_comp_level     9;
     gzip_min_length     512;
     gzip_buffers        8 64k;
-    gzip_types          text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml application/x-font-ttf font/opentype;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
     gzip_proxied        any;
-
+    gzip_disable        "MSIE [1-6]\.";
 
     # Proxy settings
     proxy_redirect      off;
@@ -103,21 +105,30 @@ http {
     error_page          502 503 504  /error/50x.html;
 
 
-    # Cache
-    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
+    # Cache settings
+    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
     proxy_cache_key "$host$request_uri $cookie_user";
     proxy_temp_path  /var/cache/nginx/temp;
     proxy_ignore_headers Expires Cache-Control;
     proxy_cache_use_stale error timeout invalid_header http_502;
-    proxy_cache_valid any 3d;
+    proxy_cache_valid any 1d;
+
 
+    # Cache bypass
     map $http_cookie $no_cache {
         default 0;
         ~SESS 1;
         ~wordpress_logged_in 1;
     }
 
 
+    # File cache settings
+    open_file_cache          max=10000 inactive=30s;
+    open_file_cache_valid    60s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors   off;
+
+
     # Wildcard include
     include             /etc/nginx/conf.d/*.conf;
 }

install/debian/8/nginx/nginx.conf

@@ -1,14 +1,16 @@
 # Server globals
 user                    www-data;
-worker_processes        2;
-error_log               /var/log/nginx/error.log;
+worker_processes        auto;
+worker_rlimit_nofile    65535;
+error_log               /var/log/nginx/error.log crit;
 pid                     /var/run/nginx.pid;
 
 
 # Worker config
 events {
         worker_connections  1024;
         use                 epoll;
+        multi_accept        on;
 }
 
 
@@ -37,7 +39,7 @@ http {
                         '"$status" $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for"';
     log_format  bytes   '$body_bytes_sent';
-    #access_log          /var/log/nginx/access.log  main;
+    #access_log          /var/log/nginx/access.log main;
     access_log off;
 
 
@@ -51,9 +53,9 @@ http {
     gzip_comp_level     9;
     gzip_min_length     512;
     gzip_buffers        8 64k;
-    gzip_types          text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml application/x-font-ttf font/opentype;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
     gzip_proxied        any;
-
+    gzip_disable        "MSIE [1-6]\.";
 
     # Proxy settings
     proxy_redirect      off;
@@ -103,21 +105,30 @@ http {
     error_page          502 503 504  /error/50x.html;
 
 
-    # Cache
-    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
+    # Cache settings
+    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
     proxy_cache_key "$host$request_uri $cookie_user";
     proxy_temp_path  /var/cache/nginx/temp;
     proxy_ignore_headers Expires Cache-Control;
     proxy_cache_use_stale error timeout invalid_header http_502;
-    proxy_cache_valid any 3d;
+    proxy_cache_valid any 1d;
+
 
+    # Cache bypass
     map $http_cookie $no_cache {
         default 0;
         ~SESS 1;
         ~wordpress_logged_in 1;
     }
 
 
+    # File cache settings
+    open_file_cache          max=10000 inactive=30s;
+    open_file_cache_valid    60s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors   off;
+
+
     # Wildcard include
     include             /etc/nginx/conf.d/*.conf;
 }

install/rhel/5/nginx/nginx.conf

@@ -1,14 +1,16 @@
 # Server globals
 user                    nginx;
-worker_processes        2;
-error_log               /var/log/nginx/error.log;
+worker_processes        auto;
+worker_rlimit_nofile    65535;
+error_log               /var/log/nginx/error.log crit;
 pid                     /var/run/nginx.pid;
 
 
 # Worker config
 events {
         worker_connections  1024;
         use                 epoll;
+        multi_accept        on;
 }
 
 
@@ -37,7 +39,7 @@ http {
                         '"$status" $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for"';
     log_format  bytes   '$body_bytes_sent';
-    #access_log          /var/log/nginx/access.log  main;
+    #access_log          /var/log/nginx/access.log main;
     access_log off;
 
 
@@ -51,8 +53,9 @@ http {
     gzip_comp_level     9;
     gzip_min_length     512;
     gzip_buffers        8 64k;
-    gzip_types          text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml application/x-font-ttf font/opentype;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
     gzip_proxied        any;
+    gzip_disable        "MSIE [1-6]\.";
 
 
     # Proxy settings
@@ -67,6 +70,29 @@ http {
     proxy_buffers       32 4k;
 
 
+    # Cloudflare https://www.cloudflare.com/ips
+    set_real_ip_from   199.27.128.0/21;
+    set_real_ip_from   173.245.48.0/20;
+    set_real_ip_from   103.21.244.0/22;
+    set_real_ip_from   103.22.200.0/22;
+    set_real_ip_from   103.31.4.0/22;
+    set_real_ip_from   141.101.64.0/18;
+    set_real_ip_from   108.162.192.0/18;
+    set_real_ip_from   190.93.240.0/20;
+    set_real_ip_from   188.114.96.0/20;  
+    set_real_ip_from   197.234.240.0/22;
+    set_real_ip_from   198.41.128.0/17;
+    set_real_ip_from   162.158.0.0/15;
+    set_real_ip_from   104.16.0.0/12;
+    set_real_ip_from   172.64.0.0/13;
+    #set_real_ip_from   2400:cb00::/32;
+    #set_real_ip_from   2606:4700::/32;
+    #set_real_ip_from   2803:f800::/32;
+    #set_real_ip_from   2405:b500::/32;
+    #set_real_ip_from   2405:8100::/32;
+    real_ip_header     CF-Connecting-IP;
+
+
     # SSL PCI Compliance
     ssl_session_cache   shared:SSL:10m;
     ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
@@ -80,21 +106,30 @@ http {
     error_page          502 503 504  /error/50x.html;
 
 
-    # Cache
-    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
-    proxy_temp_path  /var/cache/nginx/temp;
+    # Cache settings
+    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
     proxy_cache_key "$host$request_uri $cookie_user";
+    proxy_temp_path  /var/cache/nginx/temp;
     proxy_ignore_headers Expires Cache-Control;
     proxy_cache_use_stale error timeout invalid_header http_502;
-    proxy_cache_valid any 3d;
+    proxy_cache_valid any 1d;
 
+
+    # Cache bypass
     map $http_cookie $no_cache {
         default 0;
         ~SESS 1;
         ~wordpress_logged_in 1;
     }
 
 
+    # File cache settings
+    open_file_cache          max=10000 inactive=30s;
+    open_file_cache_valid    60s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors   off;
+
+
     # Wildcard include
     include             /etc/nginx/conf.d/*.conf;
 }

install/rhel/6/nginx/nginx.conf

@@ -1,14 +1,16 @@
 # Server globals
 user                    nginx;
-worker_processes        2;
-error_log               /var/log/nginx/error.log;
+worker_processes        auto;
+worker_rlimit_nofile    65535;
+error_log               /var/log/nginx/error.log crit;
 pid                     /var/run/nginx.pid;
 
 
 # Worker config
 events {
         worker_connections  1024;
         use                 epoll;
+        multi_accept        on;
 }
 
 
@@ -37,7 +39,7 @@ http {
                         '"$status" $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for"';
     log_format  bytes   '$body_bytes_sent';
-    #access_log          /var/log/nginx/access.log  main;
+    #access_log          /var/log/nginx/access.log main;
     access_log off;
 
 
@@ -51,8 +53,9 @@ http {
     gzip_comp_level     9;
     gzip_min_length     512;
     gzip_buffers        8 64k;
-    gzip_types          text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml application/x-font-ttf font/opentype;
+    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
     gzip_proxied        any;
+    gzip_disable        "MSIE [1-6]\.";
 
 
     # Proxy settings
@@ -67,6 +70,29 @@ http {
     proxy_buffers       32 4k;
 
 
+    # Cloudflare https://www.cloudflare.com/ips
+    set_real_ip_from   199.27.128.0/21;
+    set_real_ip_from   173.245.48.0/20;
+    set_real_ip_from   103.21.244.0/22;
+    set_real_ip_from   103.22.200.0/22;
+    set_real_ip_from   103.31.4.0/22;
+    set_real_ip_from   141.101.64.0/18;
+    set_real_ip_from   108.162.192.0/18;
+    set_real_ip_from   190.93.240.0/20;
+    set_real_ip_from   188.114.96.0/20;  
+    set_real_ip_from   197.234.240.0/22;
+    set_real_ip_from   198.41.128.0/17;
+    set_real_ip_from   162.158.0.0/15;
+    set_real_ip_from   104.16.0.0/12;
+    set_real_ip_from   172.64.0.0/13;
+    #set_real_ip_from   2400:cb00::/32;
+    #set_real_ip_from   2606:4700::/32;
+    #set_real_ip_from   2803:f800::/32;
+    #set_real_ip_from   2405:b500::/32;
+    #set_real_ip_from   2405:8100::/32;
+    real_ip_header     CF-Connecting-IP;
+
+
     # SSL PCI Compliance
     ssl_session_cache   shared:SSL:10m;
     ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
@@ -80,21 +106,30 @@ http {
     error_page          502 503 504  /error/50x.html;
 
 
-    # Cache
-    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
-    proxy_temp_path  /var/cache/nginx/temp;
+    # Cache settings
+    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
     proxy_cache_key "$host$request_uri $cookie_user";
+    proxy_temp_path  /var/cache/nginx/temp;
     proxy_ignore_headers Expires Cache-Control;
     proxy_cache_use_stale error timeout invalid_header http_502;
-    proxy_cache_valid any 3d;
+    proxy_cache_valid any 1d;
 
+
+    # Cache bypass
     map $http_cookie $no_cache {
         default 0;
         ~SESS 1;
         ~wordpress_logged_in 1;
     }
 
 
+    # File cache settings
+    open_file_cache          max=10000 inactive=30s;
+    open_file_cache_valid    60s;
+    open_file_cache_min_uses 2;
+    open_file_cache_errors   off;
+
+
     # Wildcard include
     include             /etc/nginx/conf.d/*.conf;
 }