Danielk84/nginx-example.conf

## nginx-example.conf
user www;
worker_processes auto;
worker_cpu_affinity auto;

pid /run/nginx.pid;
error_log /var/log/nginx/error.log;

events {
	worker_connections 1000;
	# multi_accept on;
}

http {
	keepalive_requests 100;
	keepalive_timeout 10s;
	client_header_timeout 10s;

	resolver 127.0.0.1 valid=300s ipv6=off;
    	resolver_timeout 10s;

	log_format main	'$remote_addr - $remote_user [$time_local] '
                       	'"$request" $status $bytes_sent '
                       	'"$http_referer" "$http_user_agent" "$gzip_ratio"';
	access_log /var/log/nginx/access.log main;

	autoindex		off;
    	server_tokens       	off;
    	port_in_redirect	off;
    	tcp_nopush          	on;
    	tcp_nodelay         	on;

    	client_max_body_size 5m;
    	client_body_buffer_size 128k;
    	client_header_buffer_size 16k;

    	gzip                on;
    	gzip_vary           on;

	ssl_session_cache	shared:SSL:45m;
    	ssl_session_timeout	15m;
    	ssl_protocols 		TLSv1.2 TLSv1.3;
    	ssl_ciphers 		"ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!3DES:!aNULL:!MD5";
    	ssl_prefer_server_ciphers on;
	# ssl_dhparam 		/etc/ssl/certs/dhparams.pem;
    	ssl_ecdh_curve 		secp384r1;
    	ssl_buffer_size 	4k;

	ssl_certificate     server.crt;
    	ssl_certificate_key server.key;

	etag off;

	server {
		listen 443 ssl;
		http2 on;

		location / {
			# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html
			add_header X-Frame-Options 		"DENY" always;
			add_header X-Content-Type-Options 	"nosniff" always;
			add_header Referrer-Policy 		"strict-origin-when-cross-origin" always;
			add_header Strict-Transport-Security	"max-age=63072000; includeSubDomains; preload";

			add_header Content-Type			"text/html; charset=UTF-8";

			return 200 "Hello World!\n";
		}

		# location / {
		# 	proxy_pass https://localhost:8443;
		# 	proxy_ssl_server_name on;
		# 	proxy_http_version 1.1;
		# 	proxy_ssl_protocols TLSv1.2 TLSv1.3;
		# 	proxy_ssl_verify off;
		# 	proxy_read_timeout 300s;
        	# 	proxy_connect_timeout 300s;
        	# 	proxy_send_timeout 300s;
		#
		#	proxy_set_header Host $host;
		#	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		# }
	}
}
	user www;
	worker_processes auto;
	worker_cpu_affinity auto;

	pid /run/nginx.pid;
	error_log /var/log/nginx/error.log;

	events {
	worker_connections 1000;
	# multi_accept on;
	}

	http {
	keepalive_requests 100;
	keepalive_timeout 10s;
	client_header_timeout 10s;

	resolver 127.0.0.1 valid=300s ipv6=off;
	resolver_timeout 10s;

	log_format main '$remote_addr - $remote_user [$time_local] '
	'"$request" $status $bytes_sent '
	'"$http_referer" "$http_user_agent" "$gzip_ratio"';
	access_log /var/log/nginx/access.log main;

	autoindex off;
	server_tokens off;
	port_in_redirect off;
	tcp_nopush on;
	tcp_nodelay on;

	client_max_body_size 5m;
	client_body_buffer_size 128k;
	client_header_buffer_size 16k;

	gzip on;
	gzip_vary on;

	ssl_session_cache shared:SSL:45m;
	ssl_session_timeout 15m;
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!3DES:!aNULL:!MD5";
	ssl_prefer_server_ciphers on;
	# ssl_dhparam /etc/ssl/certs/dhparams.pem;
	ssl_ecdh_curve secp384r1;
	ssl_buffer_size 4k;

	ssl_certificate server.crt;
	ssl_certificate_key server.key;

	etag off;

	server {
	listen 443 ssl;
	http2 on;

	location / {
	# https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html
	add_header X-Frame-Options "DENY" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header Referrer-Policy "strict-origin-when-cross-origin" always;
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

	add_header Content-Type "text/html; charset=UTF-8";

	return 200 "Hello World!\n";
	}

	# location / {
	# proxy_pass https://localhost:8443;
	# proxy_ssl_server_name on;
	# proxy_http_version 1.1;
	# proxy_ssl_protocols TLSv1.2 TLSv1.3;
	# proxy_ssl_verify off;
	# proxy_read_timeout 300s;
	# proxy_connect_timeout 300s;
	# proxy_send_timeout 300s;
	#
	# proxy_set_header Host $host;
	# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	# }
	}
	}
No results found