-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx.conf
172 lines (155 loc) · 6.99 KB
/
nginx.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log notice; # or you can set to /dev/null
pid /var/run/nginx.pid;
# load modules
##############
# GeoIP module
load_module modules/ngx_http_geoip_module.so;
load_module modules/ngx_stream_geoip_module.so;
# VTS module
# If you compile Nginx VTS module, you can uncomment this.
# load_module modules/ngx_http_vhost_traffic_status_module.so;
events {
use epoll;
multi_accept on;
worker_connections 65535; # Nginx default: 1024
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# http GeoIP module
###################
# http://nginx.org/en/docs/http/ngx_http_geoip_module.html
geoip_country /usr/share/GeoIP/GeoIP.dat;
# defines Cloudflare trusted addresses.
include /etc/nginx/snippets/cloudflare_geoip_proxy.conf;
geoip_proxy_recursive on;
# Cloudflare IPs
################
include /etc/nginx/snippets/cloudflare_real_ips.conf;
real_ip_header X-Forwarded-For; # or CF-Connecting-IP if you use CloudFlare
# cloudflare map
include /etc/nginx/snippets/cloudflare_whitelist.conf;
# extended Nginx VTS status example
###################################
# Do not use if you don't load the ngx_http_vhost_traffic_status_module
# vhost_traffic_status_zone;
# vhost_traffic_status_filter_by_set_key $geoip_country_code country::*;
# Logging
#########
# the default Nginx format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# VCOMBINED log format style
# you can use this format with external tools like GoAccess.
log_format vcombined '$host:$server_port '
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
# JSON style log format, Grfana Cloud "Nginx Integration" compatible
log_format json_analytics escape=json '{'
'"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
'"connection": "$connection", ' # connection serial number
'"connection_requests": "$connection_requests", ' # number of requests made in connection
'"pid": "$pid", ' # process pid
'"request_id": "$request_id", ' # the unique request id
'"request_length": "$request_length", ' # request length (including headers and body)
'"remote_addr": "$remote_addr", ' # client IP
'"remote_user": "$remote_user", ' # client HTTP username
'"remote_port": "$remote_port", ' # client port
'"time_local": "$time_local", '
'"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
'"request": "$request", ' # full path no arguments if the request
'"request_uri": "$request_uri", ' # full path and arguments if the request
'"args": "$args", ' # args
'"status": "$status", ' # response status code
'"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
'"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
'"http_referer": "$http_referer", ' # HTTP referer
'"http_user_agent": "$http_user_agent", ' # user agent
'"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
'"http_host": "$http_host", ' # the request Host: header
'"server_name": "$server_name", ' # the name of the vhost serving the request
'"request_time": "$request_time", ' # request processing time in seconds with msec resolution
'"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
'"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
'"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
'"upstream_response_time": "$upstream_response_time", ' # time spent receiving upstream body
'"upstream_response_length": "$upstream_response_length", ' # upstream response length
'"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
'"ssl_protocol": "$ssl_protocol", ' # TLS protocol
'"ssl_cipher": "$ssl_cipher", ' # TLS cipher
'"scheme": "$scheme", ' # http or https
'"request_method": "$request_method", ' # request method
'"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
'"pipe": "$pipe", ' # "p" if request was pipelined, "." otherwise
'"gzip_ratio": "$gzip_ratio", '
'"geoip_country_code": "$geoip_country_code"'
'}';
# You can set "loggable" things based on available Nginx variable.
map $request_uri$http_user_agent $is_loggable {
~*local 0;
~*Uptime-Kuma.* 0;
default 1;
}
access_log off;
# access_log /var/log/nginx/access.log main;
# combining all those log configuration, you can even send log to remote
# syslog server. Eg:
#access_log syslog:server=192.168.0.7:514,facility=local7,tag=nginx,severity=info vcombined if=$is_loggable;
#access_log syslog:server=192.168.0.7:514,facility=local7,tag=nginx_grafana,severity=info json_analytics if=$is_loggable;
log_not_found off;
# Common nginx http block configuration
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
types_hash_max_size 2048;
types_hash_bucket_size 64;
keepalive_timeout 65;
# If you reverse-proxying TOR hostname, you may set (or increase) these values:
server_names_hash_bucket_size 128;
# GZIP
######
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6; # 1-9
gzip_types text/plain text/css text/xml application/json text/javascript application/javascript application/x-javascript application/xml application/xml+rss application/atom+xml image/svg+xml;
gzip_min_length 20;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# Upstream module example
#########################
# upstream backend1 {
# keepalive 2;
# # ip_hash;
# server 192.168.0.101:80;
# server 192.168.0.102:80 fail_timeout=1;
# server 192.168.0.103:80 fail_timeout=1 weight=3;
# }
# upstream backend2 {
# server 192.168.1.8:443;
# server 192.168.2.8:443 backup;
# }
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
}
# TCP and UDP proxy stream example
##################################
# stream {
# # TCP proxy stream example
# server {
# listen 3333;
# proxy_pass 192.168.0.9:3333;
# }
# # UDP proxy stream example
# server {
# listen 53 udp;
# proxy_pass 192.168.1.104:53;
# }
# }
# vim: ft=nginx ts=4 sw=4 et