# nginx.conf - for general settings
# /etc/nginx/conf.d/*.conf - for per host settings
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 10000;
}
http {
ssl_certificate /etc/pki/web/site.crt;
ssl_certificate_key /etc/pki/web/site.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
#The recommended cipher suite for backwards compatibility (IE6/WinXP) ( https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ) :
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
proxy_read_timeout 300;
server_names_hash_bucket_size 512;
include /etc/nginx/mime.types;
default_type application/octet-stream;
client_max_body_size 20M;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_proxied any;
gzip_static on;
gzip_types application/x-javascript text/css;
gzip_min_length 1100;
index index.php index.html index.htm;
proxy_buffers 8 16k;
proxy_buffer_size 32k;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
client_body_buffer_size 4m;
proxy_buffering on;
include /etc/nginx/conf.d/*.conf;
}