faster nginx
Browse files- nginx.conf +35 -1
nginx.conf
CHANGED
|
@@ -3,6 +3,8 @@ pid /tmp/nginx.pid;
|
|
| 3 |
|
| 4 |
events {
|
| 5 |
worker_connections 1024;
|
|
|
|
|
|
|
| 6 |
}
|
| 7 |
|
| 8 |
http {
|
|
@@ -10,10 +12,31 @@ http {
|
|
| 10 |
default_type application/octet-stream;
|
| 11 |
|
| 12 |
access_log /tmp/access.log;
|
| 13 |
-
error_log /tmp/error.log;
|
| 14 |
|
| 15 |
sendfile on;
|
|
|
|
|
|
|
| 16 |
keepalive_timeout 65;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 17 |
|
| 18 |
server {
|
| 19 |
listen 8080;
|
|
@@ -22,8 +45,19 @@ http {
|
|
| 22 |
root /usr/share/nginx/html;
|
| 23 |
index index.html;
|
| 24 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 25 |
location / {
|
| 26 |
try_files $uri $uri/ /index.html;
|
| 27 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 28 |
}
|
| 29 |
}
|
|
|
|
| 3 |
|
| 4 |
events {
|
| 5 |
worker_connections 1024;
|
| 6 |
+
use epoll;
|
| 7 |
+
multi_accept on;
|
| 8 |
}
|
| 9 |
|
| 10 |
http {
|
|
|
|
| 12 |
default_type application/octet-stream;
|
| 13 |
|
| 14 |
access_log /tmp/access.log;
|
| 15 |
+
error_log /tmp/error.log warn;
|
| 16 |
|
| 17 |
sendfile on;
|
| 18 |
+
tcp_nopush on;
|
| 19 |
+
tcp_nodelay on;
|
| 20 |
keepalive_timeout 65;
|
| 21 |
+
types_hash_max_size 2048;
|
| 22 |
+
server_tokens off;
|
| 23 |
+
|
| 24 |
+
# Gzip Settings
|
| 25 |
+
gzip on;
|
| 26 |
+
gzip_vary on;
|
| 27 |
+
gzip_proxied any;
|
| 28 |
+
gzip_comp_level 6;
|
| 29 |
+
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
| 30 |
+
|
| 31 |
+
# Security headers
|
| 32 |
+
add_header X-Frame-Options "SAMEORIGIN" always;
|
| 33 |
+
add_header X-XSS-Protection "1; mode=block" always;
|
| 34 |
+
add_header X-Content-Type-Options "nosniff" always;
|
| 35 |
+
add_header Referrer-Policy "no-referrer-when-downgrade" always;
|
| 36 |
+
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
|
| 37 |
+
|
| 38 |
+
# Rate limiting zone
|
| 39 |
+
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
|
| 40 |
|
| 41 |
server {
|
| 42 |
listen 8080;
|
|
|
|
| 45 |
root /usr/share/nginx/html;
|
| 46 |
index index.html;
|
| 47 |
|
| 48 |
+
# Caching static assets
|
| 49 |
+
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
|
| 50 |
+
expires 30d;
|
| 51 |
+
add_header Cache-Control "public, no-transform";
|
| 52 |
+
}
|
| 53 |
+
|
| 54 |
location / {
|
| 55 |
try_files $uri $uri/ /index.html;
|
| 56 |
}
|
| 57 |
+
|
| 58 |
+
# Disallow access to .htaccess files
|
| 59 |
+
location ~ /\.ht {
|
| 60 |
+
deny all;
|
| 61 |
+
}
|
| 62 |
}
|
| 63 |
}
|