-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathnginx.vh.default.conf
153 lines (125 loc) · 5.17 KB
/
nginx.vh.default.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
server {
listen 80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
#Brotli Compression
brotli on;
brotli_comp_level 6;
brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# location / {
# return 301 https://example.com$request_uri;
# }
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name example.com;
# #root /var/www/example.com/public;
# #Brotli Compression
# brotli on;
# brotli_comp_level 6;
# brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
# # gzip
# gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
# # SSL
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
# ssl_dhparam /etc/certs/dhparam.pem;
# # SSL Session
# ssl_session_timeout 1d;
# ssl_session_cache shared:SSL:10m; # about 40000 sessions
# ssl_session_tickets off;
# # Mozilla Modern configuration
# ssl_protocols TLSv1.3;
# ssl_prefer_server_ciphers off;
# # OCSP Stapling
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
# resolver_timeout 2s;
# # security headers
# add_header X-Frame-Options "SAMEORIGIN" always;
# add_header X-XSS-Protection "1; mode=block" always;
# add_header X-Content-Type-Options "nosniff" always;
# add_header Referrer-Policy "no-referrer-when-downgrade" always;
# add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# # ACME-challenge
# # location ^~ /.well-known/acme-challenge/ {
# # root /var/www/_letsencrypt;
# # }
# # favicon.ico
# location = /favicon.ico {
# log_not_found off;
# access_log off;
# }
# # robots.txt
# location = /robots.txt {
# log_not_found off;
# access_log off;
# }
# # assets, media
# location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
# expires 7d;
# access_log off;
# }
# # svg, fonts
# location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
# add_header Access-Control-Allow-Origin "*";
# expires 7d;
# access_log off;
# }
# #reverse proxy
# location / {
# # Country Restrict
# if ($geoip2_data_country_code !~ CN) {
# return 403;
# }
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Host $host;
# proxy_redirect off;
# proxy_intercept_errors on; #大于300的错误响应,统一用Nginx错误页
# proxy_bind $remote_addr transparent; #需要Root权限
# client_max_body_size 2m; #允许客户端请求的最大单文件字节数
# client_body_buffer_size 128k; #缓冲区代理缓冲用户端请求的最大字节数
# proxy_connect_timeout 60; #nginx跟后端服务器连接超时时间(代理连接超时)
# proxy_send_timeout 60; #后端服务器数据回传时间(代理发送超时)
# proxy_read_timeout 60; #连接成功后,后端服务器响应时间(代理接收超时)
# proxy_buffer_size 4k; #设置代理服务器(nginx)保存用户头信息的缓冲区大小
# proxy_buffers 4 32k; #proxy_buffers缓冲区,网页平均在32k以下的话,这样设置
# proxy_busy_buffers_size 64k; #高负荷下缓冲大小(proxy_buffers*2)
# proxy_temp_file_write_size 64k; #设定缓存文件夹大小,大于这个值,将从upstream服务器传
# proxy_pass http://127.0.0.1; #后端网关
# error_page 404 /404.html;
# error_page 500 502 503 504 /50x.html;
# }
# }