66 lines
1.9 KiB
Nginx Configuration File
66 lines
1.9 KiB
Nginx Configuration File
user www-data;
|
|
|
|
# detect based on available CPU cores
|
|
worker_processes auto;
|
|
|
|
# this is 4096 by default. See /proc/<PID>/limits and /etc/security/limits.conf
|
|
# usually twice the worker_connections (one for uptsream, one for downstream)
|
|
# see also LimitNOFILE=16384 in systemd drop-in
|
|
worker_rlimit_nofile 8192;
|
|
|
|
pid /run/nginx.pid;
|
|
|
|
events {
|
|
# a single worker has these many simultaneous connections max
|
|
worker_connections 4096;
|
|
}
|
|
|
|
http {
|
|
include mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# the collectd config depends on this log format
|
|
log_format combined2 '$remote_addr - [$time_local] '
|
|
'"$request" $status $body_bytes_sent $request_time '
|
|
'"$http_referer" "$host" "$http_user_agent"';
|
|
|
|
# required for long host names
|
|
server_names_hash_bucket_size 128;
|
|
|
|
access_log /var/log/nginx/access.log combined2;
|
|
|
|
sendfile on;
|
|
|
|
# timeout for client to finish sending headers
|
|
client_header_timeout 30s;
|
|
|
|
# timeout for reading client request body (successive read timeout and not whole body!)
|
|
client_body_timeout 60s;
|
|
|
|
# keep-alive connections timeout in 65s. this is because many browsers timeout in 60 seconds
|
|
keepalive_timeout 65s;
|
|
|
|
# zones for rate limiting
|
|
limit_req_zone $binary_remote_addr zone=admin_login:10m rate=10r/s; # 10 request a second
|
|
|
|
|
|
# default http server that returns 404 for any domain we are not listening on
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
server_name does_not_match_anything;
|
|
|
|
# acme challenges (for app installation and re-configure when the vhost config does not exist)
|
|
location /.well-known/acme-challenge/ {
|
|
default_type text/plain;
|
|
alias /home/yellowtent/platformdata/acme/;
|
|
}
|
|
|
|
location / {
|
|
return 404;
|
|
}
|
|
}
|
|
|
|
include applications/*.conf;
|
|
}
|