# $KYAULabs: nginx.conf,v 1.1.7 2021/05/03 18:14:27 kyau Exp $ # Help / Additional Info {{{ # always test configuration before reload! # $ sudo nginx -t # reload the configuration by using reload not restart! # $ sudo systemctl reload nginx # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ # }}} # enables the use of "just-in-time compilation" for the regular expressions # known by the time of configuration parsing pcre_jit on; # user and group credentials used by worker processes user www-data www-data; # number of worker processes (auto will autodetect number of CPU cores) worker_processes auto; # binds worker processes automatically to available CPUs worker_cpu_affinity auto; # number of file descriptors used for nginx worker_rlimit_nofile 65535; events { # worker process will accept one/all (off/on) connection(s) at a time multi_accept on; # maximum number of simultaneous connections that can be opened by a worker worker_connections 4096; } http { # mime types include /nginx/conf.d/mime.types; # to boost I/O on HDD we can disable access logs access_log off; # read and send using multi-threading, without blocking a worker process aio threads; # hide index pages autoindex off; # add to 'Content-Type' response header charset utf-8; # request timed out -- default 60 client_body_timeout 10; # sets the maximum allowed size of the client request body -- default 1 client_max_body_size 16m; # default mime type default_type text/plain; # enable gzipping of responses gzip on; # disables gzipping of responses for msie6 and below gzip_disable "msie6"; # minimum length of a response that will be gzipped -- default 20 gzip_min_length 1024; # gzip compression level -- default 1 gzip_comp_level 6; gzip_vary on; gzip_proxied expired no-cache no-store private auth; # text/html is always compressed gzip_types text/css text/javascript text/xml text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xml application/atom+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; # files that will be used as an index, checked in the specified order index index.php index.html index.htm index.txt; # enables keep-alive connections with all browsers keepalive_disable none; # keep-alive client connections stay active for -- default 75 keepalive_timeout 30s; # specifies log format log_format main '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; # disables logging of errors about not found files into error_log log_not_found off; # cache open file descriptors, directories and file lookup errors open_file_cache max=10240 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; # allow the server to close connection on non responding client, this will # free up memory reset_timedout_connection on; # if client stops responding, free up memory -- default 60 send_timeout 8; # copies data between one FD and other from within the kernel faster than # read() + write() sendfile on; # bucket size for the server names hash tables server_names_hash_bucket_size 128; # disables emitting nginx version on error pages and in the "server" # response header field server_tokens off; # send headers in one piece, it is better than sending them one by one tcp_nopush on; # don't buffer data sent, good for small data bursts in real time tcp_nodelay on; # hash table maximum size -- default 1024 types_hash_max_size 4096; # include domain configuration files include /nginx/vhosts.d/*.conf; # redirect all non-encrypted (http) traffic to encrypted (https) server { server_name _; listen *:80 default_server; listen [::]:80 default_server; return 301 https://$host$request_uri; } } # vim: ft=nginx sts=4 sw=4 ts=4 noet :