# nginx.conf # https://www.tweaked.io/guide/nginx/ # https://www.tweaked.io/guide/nginx-proxying/ # https://medium.com/website-performance-optimization/6-best-practices-for-optimizing-your-nginx-performance-4e800785ad42 # https://www.rosehosting.com/blog/how-to-speed-up-your-nginx-website/ # https://hostadvice.com/how-to/how-to-tune-and-optimize-performance-of-nginx-web-server/ # https://kinsta.com/blog/enable-gzip-compression/ # https://devdocs.prestashop-project.org/1.7/scale/webservers/nginx/ # https://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html user nginx; pid /var/run/nginx.pid; worker_processes auto; worker_rlimit_nofile 40000; include /etc/nginx/modules-enabled/*.conf; error_log /var/log/nginx/error.log; events { worker_connections 1024; multi_accept on; use epoll; } http { include /etc/nginx/mime.types; default_type application/octet-stream; server_tokens off; sendfile on; tcp_nopush on; tcp_nodelay on; access_log off; #access_log /var/log/nginx/access.log; types_hash_max_size 2048; client_body_buffer_size 64K; client_header_buffer_size 64k; client_max_body_size 128k; large_client_header_buffers 8 16k; keepalive_timeout 65; keepalive_requests 100000; send_timeout 30; client_body_timeout 30; client_header_timeout 30; reset_timedout_connection on; open_file_cache max=2000 inactive=20s; open_file_cache_valid 60s; open_file_cache_min_uses 5; open_file_cache_errors off; add_header X-XSS-Protection "1; mode=block"; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options nosniff; add_header Strict-Transport-Security "max-age=63072000" always; gzip on; gzip_static on; gzip_min_length 1024; gzip_comp_level 6; gzip_http_version 1.1; gzip_vary on; gzip_disable msie6; gzip_disable "MSIE [1-6]\."; gzip_proxied any; gzip_buffers 16 8k; gzip_types text/plain text/css text/xml text/javascript text/x-component application/x-javascript application/xml application/javascript application/json application/xml+rss application/rss+xml application/atom+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml application/geo+json application/ld+json application/manifest+json application/rdf+xml application/wasm application/x-web-app-manifest+json application/xhtml+xml font/eot font/otf font/ttf image/bmp text/cache-manifest text/calendar text/markdown text/vcard text/vnd.rim.location.xloc text/vtt text/x-cross-domain-policy application/x-font-ttf image/x-icon; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers on; ssl_session_timeout 10m; ssl_session_cache shared:MySSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; include /etc/nginx/conf.d/*.conf; }