Changeset View
Changeset View
Standalone View
Standalone View
swh/web/tests/resources/contents/code/filenames/nginx.conf
- This file was added.
# Configuration File - Nginx Server Configs | |||||
# https://nginx.org/en/docs/ | |||||
# Run as a unique, less privileged user for security reasons. | |||||
# Default: nobody nobody | |||||
# https://nginx.org/en/docs/ngx_core_module.html#user | |||||
# https://en.wikipedia.org/wiki/Principle_of_least_privilege | |||||
user www-data; | |||||
# Sets the worker threads to the number of CPU cores available in the system for | |||||
# best performance. Should be > the number of CPU cores. | |||||
# Maximum number of connections = worker_processes * worker_connections | |||||
# Default: 1 | |||||
# https://nginx.org/en/docs/ngx_core_module.html#worker_processes | |||||
worker_processes auto; | |||||
# Maximum number of open files per worker process. | |||||
# Should be > worker_connections. | |||||
# Default: no limit | |||||
# https://nginx.org/en/docs/ngx_core_module.html#worker_rlimit_nofile | |||||
worker_rlimit_nofile 8192; | |||||
# Provides the configuration file context in which the directives that affect | |||||
# connection processing are specified. | |||||
# https://nginx.org/en/docs/ngx_core_module.html#events | |||||
events { | |||||
# If you need more connections than this, you start optimizing your OS. | |||||
# That's probably the point at which you hire people who are smarter than you | |||||
# as this is *a lot* of requests. | |||||
# Should be < worker_rlimit_nofile. | |||||
# Default: 512 | |||||
# https://nginx.org/en/docs/ngx_core_module.html#worker_connections | |||||
worker_connections 8000; | |||||
} | |||||
# Log errors and warnings to this file | |||||
# This is only used when you don't override it on a `server` level | |||||
# Default: logs/error.log error | |||||
# https://nginx.org/en/docs/ngx_core_module.html#error_log | |||||
error_log /var/log/nginx/error.log warn; | |||||
# The file storing the process ID of the main process | |||||
# Default: logs/nginx.pid | |||||
# https://nginx.org/en/docs/ngx_core_module.html#pid | |||||
pid /var/run/nginx.pid; | |||||
http { | |||||
# Hide Nginx version information. | |||||
include h5bp/security/server_software_information.conf; | |||||
# Specify media (MIME) types for files. | |||||
include h5bp/media_types/media_types.conf; | |||||
# Set character encodings. | |||||
include h5bp/media_types/character_encodings.conf; | |||||
# Include $http_x_forwarded_for within default format used in log files | |||||
# https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format | |||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |||||
'$status $body_bytes_sent "$http_referer" ' | |||||
'"$http_user_agent" "$http_x_forwarded_for"'; | |||||
# Log access to this file | |||||
# This is only used when you don't override it on a `server` level | |||||
# Default: logs/access.log combined | |||||
# https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log | |||||
access_log /var/log/nginx/access.log main; | |||||
# How long to allow each connection to stay idle. | |||||
# Longer values are better for each individual client, particularly for SSL, | |||||
# but means that worker connections are tied up longer. | |||||
# Default: 75s | |||||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout | |||||
keepalive_timeout 20s; | |||||
# Speed up file transfers by using `sendfile()` to copy directly between | |||||
# descriptors rather than using `read()`/`write()``. | |||||
# For performance reasons, on FreeBSD systems w/ ZFS this option should be | |||||
# disabled as ZFS's ARC caches frequently used files in RAM by default. | |||||
# Default: off | |||||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#sendfile | |||||
sendfile on; | |||||
# Don't send out partial frames; this increases throughput since TCP frames | |||||
# are filled up before being sent out. | |||||
# Default: off | |||||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#tcp_nopush | |||||
tcp_nopush on; | |||||
# Enable gzip compression. | |||||
include h5bp/web_performance/compression.conf; | |||||
# Specify file cache expiration. | |||||
include h5bp/web_performance/cache_expiration.conf; | |||||
# Add X-XSS-Protection for HTML documents. | |||||
# h5bp/security/x-xss-protection.conf | |||||
map $sent_http_content_type $x_xss_protection { | |||||
# (1) (2) | |||||
~*text/html "1; mode=block"; | |||||
} | |||||
# Add X-Frame-Options for HTML documents. | |||||
# h5bp/security/x-frame-options.conf | |||||
map $sent_http_content_type $x_frame_options { | |||||
~*text/html DENY; | |||||
} | |||||
# Add Content-Security-Policy for HTML documents. | |||||
# h5bp/security/content-security-policy.conf | |||||
map $sent_http_content_type $content_security_policy { | |||||
~*text/html "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests"; | |||||
} | |||||
# Add Referrer-Policy for HTML documents. | |||||
# h5bp/security/referrer-policy.conf.conf | |||||
map $sent_http_content_type $referrer_policy { | |||||
~*text/html "no-referrer-when-downgrade"; | |||||
} | |||||
# Add X-UA-Compatible for HTML documents. | |||||
# h5bp/internet_explorer/x-ua-compatible.conf | |||||
map $sent_http_content_type $x_ua_compatible { | |||||
~*text/html "IE=edge"; | |||||
} | |||||
# Add Access-Control-Allow-Origin. | |||||
# h5bp/cross-origin/requests.conf | |||||
map $sent_http_content_type $cors { | |||||
# Images | |||||
~*image/ "*"; | |||||
# Web fonts | |||||
~*font/ "*"; | |||||
~*application/vnd.ms-fontobject "*"; | |||||
~*application/x-font-ttf "*"; | |||||
~*application/font-woff "*"; | |||||
~*application/x-font-woff "*"; | |||||
~*application/font-woff2 "*"; | |||||
} | |||||
# Include files in the conf.d folder. | |||||
# `server` configuration files should be placed in the conf.d folder. | |||||
# The configurations should be disabled by prefixing files with a dot. | |||||
include conf.d/*.conf; | |||||
} |