Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
88 lines (70 sloc) 2.36 KB
user www-data;
worker_processes <%= scope.lookupvar('::virtual_processor_count') %>;
pid /run/nginx.pid;
events {
worker_connections 2048;
use epoll;
multi_accept on;
}
http {
# Basic settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 90;
client_max_body_size 250M;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# SSL Settings
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:EECDH+3DES:!MD5;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 60m;
# GZIP Settings
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 500;
gzip_types text/plain text/css text/xml text/javascript image/gif image/jpeg
image/tiff
image/x-icon image/x-ms-bmp image/svg+xml
application/json application/javascript application/x-javascript
application/xml application/rss+xml application/atom+xml application/rdf
+xml
video/mp4 video/mpeg video/webmv video/x-flv;
# Default headers
add_header X-Served-By '<%= scope.lookupvar('::fqdn') %>';
# XSS Protection
add_header x-xss-protection "1; mode=block" always;
add_header X-Frame-Options "ALLOW-FROM static.miraheze.org";
# Add response time to access.log
log_format miraheze '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $request_time '
'$ssl_protocol/$ssl_cipher';
# Logging
access_log /var/log/nginx/access.log miraheze;
error_log /var/log/nginx/error.log error;
# Set real IP for cache proxy web requests
set_real_ip_from 107.191.126.23; # cp2 (Atlanta)
set_real_ip_from 128.199.139.216; # cp3 (Singapore)
set_real_ip_from 81.4.109.133; # cp4 (Netherlands)
real_ip_header X-Real-IP;
# VHosts
include /etc/nginx/conf.d/*.conf;
server {
listen 8090;
listen [::]:8090;
server_name 127.0.0.1 localhost;
# Define the document root of the server e.g /var/www/html
root /var/www/html;
location /server-status {
stub_status;
access_log off;
allow 127.0.0.1;
}
}
include /etc/nginx/sites-enabled/*;
}
You can’t perform that action at this time.