b26c8d20cd
This allows the user to set trusted ips to Cloudflare or some other CDN and have the logs have the correct IPs. fixes #801
45 lines
1.2 KiB
Nginx Configuration File
45 lines
1.2 KiB
Nginx Configuration File
user www-data;
|
|
|
|
# detect based on available CPU cores
|
|
worker_processes auto;
|
|
|
|
# this is 4096 by default. See /proc/<PID>/limits and /etc/security/limits.conf
|
|
# usually twice the worker_connections (one for uptsream, one for downstream)
|
|
# see also LimitNOFILE=16384 in systemd drop-in
|
|
worker_rlimit_nofile 8192;
|
|
|
|
pid /run/nginx.pid;
|
|
|
|
events {
|
|
# a single worker has these many simultaneous connections max
|
|
worker_connections 4096;
|
|
}
|
|
|
|
http {
|
|
include mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# required for long host names
|
|
server_names_hash_bucket_size 128;
|
|
|
|
access_log /var/log/nginx/access.log combined;
|
|
|
|
sendfile on;
|
|
|
|
# timeout for client to finish sending headers
|
|
client_header_timeout 30s;
|
|
|
|
# timeout for reading client request body (successive read timeout and not whole body!)
|
|
client_body_timeout 60s;
|
|
|
|
# keep-alive connections timeout in 65s. this is because many browsers timeout in 60 seconds
|
|
keepalive_timeout 65s;
|
|
|
|
# zones for rate limiting
|
|
limit_req_zone $binary_remote_addr zone=admin_login:10m rate=10r/s; # 10 request a second
|
|
|
|
include trusted.ips;
|
|
include applications/*.conf;
|
|
include applications/*/*.conf;
|
|
}
|