51 lines
1.5 KiB
Nginx Configuration File
51 lines
1.5 KiB
Nginx Configuration File
user www-data;
|
|
|
|
# detect based on available CPU cores
|
|
worker_processes auto;
|
|
|
|
# this is 4096 by default. See /proc/<PID>/limits and /etc/security/limits.conf
|
|
# usually twice the worker_connections (one for uptsream, one for downstream)
|
|
# see also LimitNOFILE=16384 in systemd drop-in
|
|
worker_rlimit_nofile 8192;
|
|
|
|
pid /run/nginx.pid;
|
|
|
|
events {
|
|
# a single worker has these many simultaneous connections max
|
|
worker_connections 4096;
|
|
}
|
|
|
|
http {
|
|
include mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# required for long host names
|
|
server_names_hash_bucket_size 128;
|
|
|
|
# no query parameters since tokens might get logged
|
|
log_format no_query '$remote_addr - $remote_user [$time_local] '
|
|
'"$request_method $uri $server_protocol" '
|
|
'$status $body_bytes_sent '
|
|
'"$http_referer" "$http_user_agent"';
|
|
|
|
access_log /var/log/nginx/access.log no_query;
|
|
|
|
sendfile on;
|
|
|
|
# timeout for client to finish sending headers
|
|
client_header_timeout 30s;
|
|
|
|
# timeout for reading client request body (successive read timeout and not whole body!)
|
|
client_body_timeout 60s;
|
|
|
|
# keep-alive connections timeout in 65s. this is because many browsers timeout in 60 seconds
|
|
keepalive_timeout 65s;
|
|
|
|
# zones for rate limiting
|
|
limit_req_zone $binary_remote_addr zone=admin_login:10m rate=10r/s; # 10 request a second
|
|
|
|
include trusted.ips;
|
|
include applications/*.conf;
|
|
include applications/*/*.conf;
|
|
}
|