|
|
@@ -0,0 +1,128 @@
|
|
|
+user admin;
|
|
|
+worker_processes 1;
|
|
|
+error_log /usr/local/hestia/log/nginx-error.log;
|
|
|
+pid /var/run/hestia-nginx.pid;
|
|
|
+
|
|
|
+events {
|
|
|
+ worker_connections 128;
|
|
|
+ use epoll;
|
|
|
+}
|
|
|
+
|
|
|
+http {
|
|
|
+ # Main settings
|
|
|
+ sendfile on;
|
|
|
+ tcp_nopush on;
|
|
|
+ tcp_nodelay on;
|
|
|
+ client_header_timeout 1m;
|
|
|
+ client_body_timeout 3m;
|
|
|
+ client_header_buffer_size 2k;
|
|
|
+ client_body_buffer_size 256k;
|
|
|
+ client_max_body_size 256m;
|
|
|
+ large_client_header_buffers 4 8k;
|
|
|
+ send_timeout 30;
|
|
|
+ keepalive_timeout 60 60;
|
|
|
+ reset_timedout_connection on;
|
|
|
+ server_tokens off;
|
|
|
+ server_name_in_redirect off;
|
|
|
+ server_names_hash_max_size 512;
|
|
|
+ server_names_hash_bucket_size 512;
|
|
|
+
|
|
|
+
|
|
|
+ # Log format
|
|
|
+ log_format main '$remote_addr - $remote_user [$time_local] $request '
|
|
|
+ '"$status" $body_bytes_sent "$http_referer" '
|
|
|
+ '"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
+ log_format bytes '$body_bytes_sent';
|
|
|
+ access_log /usr/local/hestia/log/nginx-access.log main;
|
|
|
+
|
|
|
+
|
|
|
+ # SSL PCI Compliance
|
|
|
+ ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
|
|
|
+ ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
|
|
|
+ ssl_session_cache shared:SSL:10m;
|
|
|
+ ssl_prefer_server_ciphers on;
|
|
|
+
|
|
|
+
|
|
|
+ # Mime settings
|
|
|
+ include /usr/local/hestia/nginx/conf/mime.types;
|
|
|
+ default_type application/octet-stream;
|
|
|
+
|
|
|
+
|
|
|
+ # Compression
|
|
|
+ gzip on;
|
|
|
+ gzip_comp_level 9;
|
|
|
+ gzip_min_length 512;
|
|
|
+ gzip_buffers 8 64k;
|
|
|
+ gzip_types text/plain text/css text/javascript
|
|
|
+ application/x-javascript application/javascript;
|
|
|
+ gzip_proxied any;
|
|
|
+
|
|
|
+
|
|
|
+ # Proxy settings
|
|
|
+ proxy_redirect off;
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ proxy_pass_header Set-Cookie;
|
|
|
+ proxy_connect_timeout 90;
|
|
|
+ proxy_send_timeout 90;
|
|
|
+ proxy_read_timeout 90;
|
|
|
+ proxy_buffers 32 4k;
|
|
|
+ fastcgi_read_timeout 300;
|
|
|
+
|
|
|
+ # Error pages
|
|
|
+ error_page 403 /error/403.html;
|
|
|
+ error_page 404 /error/404.html;
|
|
|
+ error_page 502 503 504 /error/50x.html;
|
|
|
+
|
|
|
+
|
|
|
+ # Vhost
|
|
|
+ server {
|
|
|
+ listen 8083;
|
|
|
+ server_name _;
|
|
|
+ root /usr/local/hestia/web;
|
|
|
+ charset utf-8;
|
|
|
+
|
|
|
+ # Fix error "The plain HTTP request was sent to HTTPS port"
|
|
|
+ error_page 497 https://$host:$server_port$request_uri;
|
|
|
+
|
|
|
+ ssl on;
|
|
|
+ ssl_certificate /usr/local/hestia/ssl/certificate.crt;
|
|
|
+ ssl_certificate_key /usr/local/hestia/ssl/certificate.key;
|
|
|
+ ssl_session_cache shared:SSL:10m;
|
|
|
+ ssl_session_timeout 10m;
|
|
|
+
|
|
|
+ error_page 404 /error/404/index.html;
|
|
|
+ error_page 403 /error/index.html;
|
|
|
+ error_page 500 /error/index.html;
|
|
|
+
|
|
|
+ location / {
|
|
|
+ expires max;
|
|
|
+ index index.php;
|
|
|
+ }
|
|
|
+
|
|
|
+ location /error/ {
|
|
|
+ expires max;
|
|
|
+ index index.html;
|
|
|
+ }
|
|
|
+
|
|
|
+ location /rrd/ {
|
|
|
+ expires off;
|
|
|
+ internal;
|
|
|
+ }
|
|
|
+
|
|
|
+ location /backup/ {
|
|
|
+ root /;
|
|
|
+ internal;
|
|
|
+ }
|
|
|
+
|
|
|
+ location ~ \.php$ {
|
|
|
+ include /usr/local/hestia/nginx/conf/fastcgi_params;
|
|
|
+ fastcgi_param SCRIPT_FILENAME /usr/local/hestia/web/$fastcgi_script_name;
|
|
|
+ fastcgi_param QUERY_STRING $query_string;
|
|
|
+ fastcgi_pass unix:/var/run/hestia-php.sock;
|
|
|
+ fastcgi_intercept_errors on;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+}
|
Raphael Schneeberger