## Proxy options
# Shared defaults for proxied requests. No proxy_pass or proxy_cache directive
# appears in this part of the file, so these presumably take effect in the
# server/location blocks that proxy and enable the cache (confirm there).
proxy_buffering           on;
#  proxy_cache_min_uses       3;
# On-disk cache with a two-level directory layout, a 10 MB shared-memory key
# zone named "cache", removal of entries not accessed for 10 minutes, and a
# 1000 MB size cap.
proxy_cache_path          /var/nginx/proxy-cache/ levels=1:2 keys_zone=cache:10m inactive=10m max_size=1000M;
# "any" makes every response status cacheable for 10 minutes, error responses
# included. Cache-Control / Expires / X-Accel-Expires from the backend take
# precedence over this value.
# NOTE(review): the default cache key ($scheme$proxy_host$request_uri) does not
# vary on cookies or Authorization. Confirm that locations using this zone never
# serve per-user content, or set proxy_cache_key / proxy_no_cache there.
proxy_cache_valid         any 10m;
# off: the upstream request is dropped when the client disconnects.
proxy_ignore_client_abort off;
# Backend responses with status >= 300 are handed to error_page processing
# instead of being passed to the client as-is.
proxy_intercept_errors    on;
# Try the next upstream server on connection error, timeout, or an empty or
# invalid response from the current one.
proxy_next_upstream       error timeout invalid_header;
# Location / Refresh headers from the backend are passed through unmodified.
proxy_redirect            off;
proxy_set_header          Host $host;
# Overwrites (rather than appends to) any X-Forwarded-For sent by the client, so
# the backend sees exactly one address: the peer that connected to nginx.
# NOTE(review): if nginx itself sits behind a CDN or load balancer, $remote_addr
# is that hop's address unless the realip module is configured -- confirm.
proxy_set_header          X-Forwarded-For $remote_addr;
# Timeouts are in seconds. The send/read values apply between two successive
# write/read operations, not to the whole request or response.
proxy_connect_timeout     60;
proxy_send_timeout        60;
proxy_read_timeout        60;

# We used to set this header when we ran dual http/https stacks, to verify that
# user login pages were only being requested over https. Now that we forward
# every site to https, we can assume the scheme is always the one we want
# (as long as all our backend code stopped checking for X-Forwarded-Proto too:
# with this line disabled nginx no longer overwrites the header, so whatever
# value a client sends is passed to the backend unchanged).
#proxy_set_header          X-Forwarded-Proto $scheme;

## Size Limits
# May need to override these (server or location blocks) if doing large uploads.
# Setting client_max_body_size to zero disables request-body size checking, so
# only do that on locations that enforce their own upload limit.
# Bodies larger than client_body_buffer_size are written to a temporary file.
client_body_buffer_size   16k;
# Requests whose body exceeds this limit are rejected with 413.
client_max_body_size      15m;

# If clients send headers larger than 1k,
# they get upgraded to large_client_header_buffers.
client_header_buffer_size 1k;
# Up to 32 buffers of 64k each: a single request line or header field may be
# up to 64k, and one connection may hold up to 2 MB of header buffers.
# NOTE(review): this is well above the nginx default (4 8k). If nothing
# legitimate needs headers this large, lowering it reduces the memory that
# connections sending oversized headers can tie up.
large_client_header_buffers 32 64k;

## Timeouts
# Short timeouts limit how long a slow or idle client can hold a connection.
# client_body_timeout and send_timeout apply between two successive read/write
# operations, not to the whole transfer, so they do not bound total request
# duration for a client that keeps trickling data.
client_body_timeout   5s;
# Time allowed for reading the complete request header.
client_header_timeout 5s;
# First value: idle keep-alive connections are closed after 5s.
# Second value: advertised to clients as "Keep-Alive: timeout=5".
keepalive_timeout     5s 5s;
#keepalive_timeout 0;
send_timeout          5s;

## General Options
# Request header fields with invalid names are dropped rather than forwarded.
ignore_invalid_headers   on;
# Allow error_page handling to chain through more than one redirect.
recursive_error_pages    on;
#sendfile                 on; # enabled by top level config
# off: redirects issued by nginx use the name from the request's Host header
# instead of the primary server_name, so the server blocks should only match
# the host names they are meant to serve.
server_name_in_redirect off;
# Do not disclose the nginx version in the Server header or on error pages.
server_tokens           off;

# For per-client rate limiting, see config options at:
# https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html

## Compression
# NOTE(review): compressing TLS responses that contain both a secret (session
# or CSRF token) and request-controlled text exposes a length side channel
# (BREACH). application/json and the text/* types are compressed here, and
# text/html always is; consider "gzip off;" in locations that return secrets.
#gzip              on; # enabled by top level config
# Serve a pre-compressed "<file>.gz" next to the requested file when one exists.
gzip_static       on;
gzip_buffers      16 32k;
gzip_comp_level   6;
# Also compress for HTTP/1.0 requests (the nginx default is 1.1).
gzip_http_version 1.0;
# Responses shorter than 500 bytes (by Content-Length) are not compressed.
gzip_min_length   500;
gzip_types        text/plain application/x-javascript text/xml text/css image/x-icon application/xml application/xml+rss text/javascript application/javascript application/json image/svg+xml font/truetype font/opentype application/vnd.ms-fontobject;
# Emit "Vary: Accept-Encoding" so caches keep compressed and plain copies apart.
gzip_vary         on;
# Compress responses to requests that arrived through a proxy (those carrying a
# Via header), regardless of the response's caching headers.
gzip_proxied      any;  # required for cloudfront to receive a gzip'd response

## Filesystem Operation Cache (caches fds, sizes, times, errors, etc)
# Keep up to 6000 entries; drop an entry not accessed for 5 minutes.
open_file_cache          max=6000 inactive=5m;
# Re-validate cached entries every 2 minutes. A file that is replaced, removed
# or re-permissioned on disk may keep being served from the cached descriptor
# until the next check.
open_file_cache_valid    2m;
# One access within the inactive window is enough to keep an entry cached.
open_file_cache_min_uses 1;
# Cache lookup failures (not found, permission denied) as well as successes.
open_file_cache_errors   on;

# For reading a response from disk
output_buffers 32 32k;

## Optimize Large File Transfers (can be overridden in hosts and locations)
# "aio threads" needs nginx built with thread-pool support (--with-threads).
aio threads; # use default thread pool, create thread pools: threads=NAME;
aio_write on; # use threaded writes for temporary files and proxied data

# For files larger than 8 MB, use O_DIRECT instead of sendfile()
directio 8m;
# Alignment used for O_DIRECT reads; should match the filesystem block size.
directio_alignment 512; # if using XFS, set as 4096

## Access Log Caches
# Caches descriptors of log files whose path contains variables: up to 64
# descriptors, closed after 20s without use, re-checked every minute.
open_log_file_cache max=64 inactive=20s min_uses=1 valid=1m;

# "main" is nginx's predefined "combined" format plus the X-Forwarded-For
# request header as a trailing field. No access_log directive in this part of
# the file selects it; it is presumably referenced from the server blocks.
# $remote_addr is the address of the peer that connected to nginx. $request,
# $http_referer, $http_user_agent and $http_x_forwarded_for are supplied by the
# client: nginx escapes quotes and control characters when writing them, but
# log consumers should still treat these fields as untrusted input and must not
# use the X-Forwarded-For field for attribution without cross-checking it.
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';