nginx check list

# nginx.conf - for general settings
# /etc/nginx/conf.d/*.conf - for per host settings

# Worker processes run as the "nginx" user.
user nginx;
# "auto" lets nginx size the worker pool from the detected CPU cores.
worker_processes auto;

# "error" is the default level; spelled out so the logging threshold is visible.
error_log /var/log/nginx/error.log error;

pid /run/nginx.pid;

events {
  # Upper bound on simultaneous connections per worker process; connections
  # to proxied upstreams count against it as well as client connections.
  # NOTE(review): no worker_rlimit_nofile is set in the main context here, so
  # confirm the open-file limit given to the service actually allows 10000.
  worker_connections 10000;
}

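http {

  # --- TLS -----------------------------------------------------------------
  # Set at http level, so every server{} pulled in from conf.d inherits this
  # certificate and key unless it declares its own.
  # NOTE(review): confirm the key file is owned by root and not readable by
  # other accounts; its mode cannot be seen from this file.
  ssl_certificate     /etc/pki/web/site.crt;
  ssl_certificate_key /etc/pki/web/site.key;

  # Session cache shared between workers (10 MB); cached sessions expire
  # after 5 minutes.
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 5m;

  # Tickets are off because no ssl_session_ticket_key is configured: the
  # ticket encryption key would then be generated at startup and, as far as
  # this file shows, never rotated, which weakens forward secrecy for resumed
  # sessions. Resumption still works through the shared cache above.
  ssl_session_tickets off;

  # TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and are no longer
  # offered. Append TLSv1.3 on nginx >= 1.13.0 built against OpenSSL 1.1.1+.
  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;

  # Parameters for the DHE suites below.
  # NOTE(review): verify the file was generated on this host and is at least
  # 2048 bits; neither can be checked from the config.
  ssl_dhparam /etc/nginx/dhparam.pem;

  # Forward-secret AES-GCM suites only. The backwards-compatible (IE6/WinXP)
  # list from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  # also enables 3DES (DES-CBC3-SHA), static-RSA key exchange and the "HIGH"
  # catch-all; restore those only on a listener that must serve such clients.
  # In OpenSSL cipher strings "!DES" does not cover triple DES, hence "!3DES".
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4";

  # Keep the nginx version out of the Server header and built-in error pages.
  server_tokens off;

  # --- General -------------------------------------------------------------
  proxy_read_timeout 300;
  server_names_hash_bucket_size 512;
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  # Requests with a larger body are rejected with 413.
  client_max_body_size 20M;

  # "$http_x_forwarded_for" is copied from a request header, so it is
  # client-controlled unless a trusted front proxy overwrites it. Treat
  # $remote_addr as the authoritative peer address when reading these logs.
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  /var/log/nginx/access.log  main;

  sendfile        on;

  keepalive_timeout  65;

  # --- Compression ---------------------------------------------------------
  # text/html is always compressed once gzip is on. Over TLS, a response that
  # mixes a secret (session or CSRF token) with request-controlled data is
  # exposed to compression side channels (BREACH); review dynamic endpoints
  # and disable gzip per location where that applies.
  gzip            on;
  gzip_proxied    any;
  gzip_static     on;
  # application/javascript added next to the legacy x-javascript name.
  # NOTE(review): check which type the included mime.types assigns to .js.
  gzip_types      application/x-javascript application/javascript text/css;
  gzip_min_length 1100;

  index index.php index.html index.htm;

  # --- Buffers -------------------------------------------------------------
  proxy_buffers 8 16k;
  proxy_buffer_size 32k;

  fastcgi_buffer_size  128k;
  fastcgi_buffers  4 256k;
  fastcgi_busy_buffers_size  256k;

  # A request body of up to 4 MB is held in memory per request. Combined with
  # a high worker_connections value this is a memory-exhaustion consideration;
  # size it against available RAM and add request/connection limits per host.
  client_body_buffer_size 4m;
  proxy_buffering on;

  # Per-host settings.
  include /etc/nginx/conf.d/*.conf;
}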
