server-configs-nginx/nginx.conf

# Configuration File - Nginx Server Configs
# https://nginx.org/en/docs/

# Run as a unique, less privileged user for security reasons.
# Default: nobody nobody
# https://nginx.org/en/docs/ngx_core_module.html#user
user www www;

# Sets the worker threads to the number of CPU cores available in the system for best performance.
# Should be > the number of CPU cores.
# Maximum number of connections = worker_processes * worker_connections
# Default: 1
# https://nginx.org/en/docs/ngx_core_module.html#worker_processes
worker_processes auto;

# Maximum number of open files per worker process.
# Should be > worker_connections.
# Default: no limit
# https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile
worker_rlimit_nofile 8192;

# Provides the configuration file context in which the directives
# that affect connection processing are specified.
# https://nginx.org/en/docs/ngx_core_module.html#events
events {

  # If you need more connections than this, you start optimizing your OS.
  # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests.
  # Should be < worker_rlimit_nofile.
  # Default: 512
  # https://nginx.org/en/docs/ngx_core_module.html#worker_connections
  worker_connections 8000;

}

# Log errors and warnings to this file
# This is only used when you don't override it on a server{} level
# Default: logs/error.log error
# https://nginx.org/en/docs/ngx_core_module.html#error_log
error_log logs/error.log warn;

# The file storing the process ID of the main process
# Default: logs/nginx.pid
# https://nginx.org/en/docs/ngx_core_module.html#pid
pid /var/run/nginx.pid;

http {

  # Hide nginx version information.
  include h5bp/security/server_software_information.conf;

  # Specify MIME types for files.
  # https://nginx.org/en/docs/http/ngx_http_core_module.html#types
  include mime.types;

  # Default: text/plain
  # https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type
  default_type application/octet-stream;

  # Specify a charset
  # https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset
  charset utf-8;

  # Update charset_types to match updated mime.types.
  # text/html is always included by charset module.
  # Default: text/html text/xml text/plain text/vnd.wap.wml application/javascript application/rss+xml
  # https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset_types
  charset_types
    text/css
    text/plain
    text/vnd.wap.wml
    text/javascript
    application/json
    application/rss+xml
    application/xml;

  # Include $http_x_forwarded_for within default format used in log files
  # https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  # Log access to this file
  # This is only used when you don't override it on a server{} level
  # Default: logs/access.log combined
  # https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
  access_log logs/access.log main;

  # How long to allow each connection to stay idle.
  # Longer values are better for each individual client, particularly for SSL,
  # but means that worker connections are tied up longer.
  # Default: 75s
  # https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
  keepalive_timeout 20s;

  # Speed up file transfers by using sendfile() to copy directly
  # between descriptors rather than using read()/write().
  # For performance reasons, on FreeBSD systems w/ ZFS
  # this option should be disabled as ZFS's ARC caches
  # frequently used files in RAM by default.
  # Default: off
  # https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile
  sendfile on;

  # Don't send out partial frames; this increases throughput
  # since TCP frames are filled up before being sent out.
  # Default: off
  # https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush
  tcp_nopush on;

  # Enable gzip compression.
  include h5bp/web_performance/compression.conf;

  # Include files in the sites-enabled folder. server{} configuration files should be
  # placed in the sites-available folder, and then the configuration should be enabled
  # by creating a symlink to it in the sites-enabled folder.
  # See doc/sites-enabled.md for more info.
  include sites-enabled/*;

}
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Configuration File - Nginx Server Configs`
Tweaks and lint 2018-11-25 22:07:01 +01:00			`# https://nginx.org/en/docs/`
Update server configs Update some of the server configurations to match the ones used in the Apache hypertext access file. 2013-03-29 22:49:16 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Run as a unique, less privileged user for security reasons.`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00			`# Default: nobody nobody`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/ngx_core_module.html#user`
code style consistency across nginx configs 2013-01-12 20:33:17 +01:00			`user www www;`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Sets the worker threads to the number of CPU cores available in the system for best performance.`
			`# Should be > the number of CPU cores.`
			`# Maximum number of connections = worker_processes * worker_connections`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00			`# Default: 1`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/ngx_core_module.html#worker_processes`
fix #113 2015-08-30 03:05:56 +02:00			`worker_processes auto;`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Maximum number of open files per worker process.`
			`# Should be > worker_connections.`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00			`# Default: no limit`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00			`worker_rlimit_nofile 8192;`

Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# Provides the configuration file context in which the directives`
			`# that affect connection processing are specified.`
			`# https://nginx.org/en/docs/ngx_core_module.html#events`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00			`events {`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# If you need more connections than this, you start optimizing your OS.`
Fix typo 2016-03-22 16:23:52 +01:00			`# That's probably the point at which you hire people who are smarter than you as this is a lot of requests.`
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Should be < worker_rlimit_nofile.`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00			`# Default: 512`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/ngx_core_module.html#worker_connections`
one more space 2013-01-12 21:16:02 +01:00			`worker_connections 8000;`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00			`}`

Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Log errors and warnings to this file`
			`# This is only used when you don't override it on a server{} level`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00			`# Default: logs/error.log error`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/ngx_core_module.html#error_log`
			`error_log logs/error.log warn;`
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00
			`# The file storing the process ID of the main process`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# Default: logs/nginx.pid`
			`# https://nginx.org/en/docs/ngx_core_module.html#pid`
			`pid /var/run/nginx.pid;`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
			`http {`
Update server configs Update some of the server configurations to match the ones used in the Apache hypertext access file. 2013-03-29 22:49:16 +01:00
replacing everything with more descriptive comments for people that don't know what the options do 2013-02-24 21:57:50 +01:00			`# Hide nginx version information.`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`include h5bp/security/server_software_information.conf;`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Specify MIME types for files.`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/http/ngx_http_core_module.html#types`
			`include mime.types;`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00
			`# Default: text/plain`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/http/ngx_http_core_module.html#default_type`
			`default_type application/octet-stream;`

			`# Specify a charset`
			`# https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset`
			`charset utf-8;`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Update charset_types to match updated mime.types.`
			`# text/html is always included by charset module.`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00			`# Default: text/html text/xml text/plain text/vnd.wap.wml application/javascript application/rss+xml`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/http/ngx_http_charset_module.html#charset_types`
Updated gzip_types and charset_types … both are now using the same coding convention. Each type in its own row and `text/html` comment at the top (where all comments are placed). 2016-08-20 17:17:01 +02:00			`charset_types`
			`text/css`
			`text/plain`
			`text/vnd.wap.wml`
reflect mime changes in nginx.conf 2017-12-10 21:35:38 +01:00			`text/javascript`
Updated gzip_types and charset_types … both are now using the same coding convention. Each type in its own row and `text/html` comment at the top (where all comments are placed). 2016-08-20 17:17:01 +02:00			`application/json`
			`application/rss+xml`
			`application/xml;`
Fix charset_types as mime.types is updated 2014-01-16 10:09:05 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Include $http_x_forwarded_for within default format used in log files`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format`
nginx.conf: repair broken log format (someone had swapped two variables around, breaking the intended apache log format compatibility) Conflicts: nginx/nginx.conf 2013-02-24 21:44:12 +01:00			`log_format main '$remote_addr - $remote_user [$time_local] "$request" '`
			`'$status $body_bytes_sent "$http_referer" '`
			`'"$http_user_agent" "$http_x_forwarded_for"';`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Log access to this file`
			`# This is only used when you don't override it on a server{} level`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00			`# Default: logs/access.log combined`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log`
code style consistency across nginx configs 2013-01-12 20:33:17 +01:00			`access_log logs/access.log main;`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# How long to allow each connection to stay idle.`
			`# Longer values are better for each individual client, particularly for SSL,`
			`# but means that worker connections are tied up longer.`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00			`# Default: 75s`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout`
Specify that keepalive_timeout is in seconds 2016-01-23 14:59:22 +01:00			`keepalive_timeout 20s;`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
replacing everything with more descriptive comments for people that don't know what the options do 2013-02-24 21:57:50 +01:00			`# Speed up file transfers by using sendfile() to copy directly`
			`# between descriptors rather than using read()/write().`
fix format. Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> 2015-12-04 15:25:31 +01:00			`# For performance reasons, on FreeBSD systems w/ ZFS`
Added FreeBSD w/ ZFS performance instructions On FreeBSD systems with ZFS, sendfile() is useless as ZFS's caching subsystem (adaptive replacement cache a.k.a ARC) already caches most frequently used files in RAM. Disabling sendfile() avoids redundant data caching. References: https://calomel.org/nginx.html http://blog.vx.sk/uploads/conferences/EuroBSDcon2012/zfs-tuning-handout.pdf 2015-07-06 19:10:45 +02:00			`# this option should be disabled as ZFS's ARC caches`
			`# frequently used files in RAM by default.`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00			`# Default: off`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile`
			`sendfile on;`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Don't send out partial frames; this increases throughput`
			`# since TCP frames are filled up before being sent out.`
Add defaults to all directives in nginx.conf The reason most of these are changed is already covered by the existing doc block closes #127 2017-05-06 18:30:09 +02:00			`# Default: off`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`# https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush`
			`tcp_nopush on;`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
Improve comments in nginx.conf 2016-01-23 14:45:07 +01:00			`# Enable gzip compression.`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00			`include h5bp/web_performance/compression.conf;`
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00
Add an inline documentation link to the sites-enabled documentation page. 2015-06-12 15:52:16 +02:00			`# Include files in the sites-enabled folder. server{} configuration files should be`
Explain why everything in the sites-enabled folder is included 2015-06-11 16:27:20 +02:00			`# placed in the sites-available folder, and then the configuration should be enabled`
Update nginx.conf Typo: sites-available should be sites-enabled 2015-11-25 09:49:15 +01:00			`# by creating a symlink to it in the sites-enabled folder.`
Add an inline documentation link to the sites-enabled documentation page. 2015-06-12 15:52:16 +02:00			`# See doc/sites-enabled.md for more info.`
Rename default.conf to example.com This should encourage users to keep the config files indexed by domain name 2012-07-23 12:45:05 +02:00			`include sites-enabled/*;`
Split directives to enforce atomic structure * Enforce H5BP style * Improve inline documentation to simplify maintenance * Prepare v3 2018-11-23 17:14:15 +01:00
whats up, sweetass configurations? boom boom. 2010-12-15 06:12:17 +01:00			`}`