gaja-group
/
server-configs-nginx
mirror of https://github.com/h5bp/server-configs-nginx
2
0
Fork 0
Code Issues Releases Wiki Activity

replacing everything with more descriptive comments 

for people that don't know what the options do
This commit is contained in:
Aitte 2013-02-24 15:57:50 -05:00 committed by Andy Dawson
parent df1bdb7ab6
commit 4a0fa84b53
1 changed files with 38 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
nginx/nginx.conf
View File

@ -1,4 +1,4 @@
# Set another default user than root for security reasons # Run as a less privileged user for security reasons.
user www www; user www www;
# How many worker threads to run; "auto" sets it to the number # How many worker threads to run; "auto" sets it to the number
@ -10,55 +10,65 @@ user www www;
# max_clients = worker_processes * worker_connections # max_clients = worker_processes * worker_connections
worker_processes auto; worker_processes auto;
# Maximum file descriptors that can be opened per process # Maximum open file descriptors per process;
# This should be > worker_connections # should be > worker_connections.
worker_rlimit_nofile 8192; worker_rlimit_nofile 8192;
events { events {
# When you need > 8000 * cpu_cores connections, you start optimizing # When you need > 8000 * cpu_cores connections, you start optimizing
# your OS, and this is probably the point at where you hire people # your OS, and this is probably the point at where you hire people
# who are smarter than you, this is *a lot* of requests. # who are smarter than you, as this is *a lot* of requests.
worker_connections 8000; worker_connections 8000;
} }
# Change these paths to somewhere that suits you! # Default error log file (this is only used when you don't override error_log on a server{} level)
error_log logs/error.log; error_log logs/error.log warn;
pid logs/nginx.pid; pid /var/run/nginx.pid;
http { http {
# Set the mime-types via the mime.types external file # Hide nginx version information.
include mime.types; server_tokens off;
# And the fallback mime-type # Define the mime types for files.
default_type application/octet-stream; include /etc/nginx/mime.types;
default_type application/octet-stream;
# Format for our log files # Format for our log files
log_format main '$remote_addr - $remote_user [$time_local] $status ' log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" ' '"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; '"$http_user_agent" "$http_x_forwarded_for"';
# Click tracking! # Default log file (this is only used when you don't override access_log on a server{} level)
access_log logs/access.log main; access_log logs/access.log main;
# Hide nginx version # How long to allow each connection to stay idle; longer values are better
server_tokens off; # for each individual client, particularly for SSL, but means that worker
# connections are tied up longer. (Default: 65)
# ~2 seconds is often enough for HTML/CSS, but connections in
# Nginx are cheap, so generally it's safe to increase it
keepalive_timeout 20; keepalive_timeout 20;
# You usually want to serve static files with Nginx # Speed up file transfers by using sendfile() to copy directly
sendfile on; # between descriptors rather than using read()/write().
sendfile on;
tcp_nopush on; # off may be better for Comet/long-poll stuff # Tell Nginx not to send out partial frames; this increases throughput
tcp_nodelay off; # on may be better for Comet/long-poll stuff # since TCP frames are filled up before being sent out. (adds TCP_CORK)
tcp_nopush on;
# Enable Gzip: # Tell Nginx to enable the Nagle buffering algorithm for TCP packets, which
# collates several smaller packets together into one larger packet, thus saving
# bandwidth at the cost of a nearly imperceptible increase to latency. (removes TCP_NODELAY)
tcp_nodelay off;
# Enable Gzip compressed responses from the server to massively speed up
# resource transfer times, especially for clients on slow connections.
# All browsers since ~1998 support Gzip compression.
gzip on; gzip on;
gzip_http_version 1.0; gzip_http_version 1.0; # enable compression both for HTTP/1.0 and HTTP/1.1, required for CloudFront
gzip_comp_level 5; gzip_disable "msie6"; # disable gzipping for ie 5.5 and ie 6
gzip_min_length 512; gzip_comp_level 5; # level is from 1-9; 5 is a perfect compromise between size and cpu usage, offering about 75% reduction for most ascii files (almost identical to level 9)
gzip_proxied any; gzip_min_length 256; # don't compress anything that's already tiny and unlikely to shrink much if at all (the default is 20 bytes, which is bad as that usually leads to larger files after gzipping)
gzip_proxied any; # compress data even for clients that are connecting to us via proxies (identified by the "Via" header), required for CloudFront
gzip_vary on; # tells proxies to cache both the gzipped and regular version of a resource whenever the client's Accept-Encoding capabilities header varies; avoids the issue where a non-gzip capable client (which is extremely rare today) would display gibberish if their proxy gave them the gzipped version
gzip_types gzip_types
# text/html is always compressed by HttpGzipModule # text/html is always compressed by HttpGzipModule
text/css text/css
@ -76,12 +86,9 @@ http {
# This should be turned on if you are going to have pre-compressed copies (.gz) of # This should be turned on if you are going to have pre-compressed copies (.gz) of
# static files available. If not it should be left off as it will cause extra I/O # static files available. If not it should be left off as it will cause extra I/O
# for the check. It would be better to enable this in a location {} block for # for the check. It is best if you enable this in a location{} block for
# a specific directory: # a specific directory, or on an individual server{} level.
# gzip_static on; # gzip_static on;
gzip_disable "msie6";
gzip_vary on;
include sites-enabled/*; include sites-enabled/*;
} }