# nginx.conf - for general settings # /etc/nginx/conf.d/*.conf - for per host settings user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; events { worker_connections 10000; } http { ssl_certificate /etc/pki/web/site.crt; ssl_certificate_key /etc/pki/web/site.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_session_tickets on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/dhparam.pem; #The recommended cipher suite for backwards compatibility (IE6/WinXP) ( https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ) : ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; proxy_read_timeout 300; server_names_hash_bucket_size 512; include /etc/nginx/mime.types; default_type application/octet-stream; client_max_body_size 20M; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; gzip on; gzip_proxied any; gzip_static on; gzip_types application/x-javascript text/css; gzip_min_length 1100; index index.php index.html index.htm; proxy_buffers 8 16k; proxy_buffer_size 32k; fastcgi_buffer_size 128k; fastcgi_buffers 4 256k; fastcgi_busy_buffers_size 256k; client_body_buffer_size 4m; proxy_buffering on; include /etc/nginx/conf.d/*.conf; }