Created
January 21, 2024 18:28
-
-
Save GamePlayer-8/f887da6b00b82cf013128d74c33e17a9 to your computer and use it in GitHub Desktop.
nginx config for debugging
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| worker_processes auto; | |
| worker_rlimit_nofile 100000; | |
| error_log logs/error.log; | |
| events { | |
| worker_connections 4096; | |
| use epoll; | |
| multi_accept on; | |
| } | |
| pid nginx.pid; | |
| http { | |
| access_log logs/access.log; | |
| include /etc/nginx/mime.types; | |
| default_type application/octet-stream; | |
| proxy_read_timeout 720s; | |
| proxy_connect_timeout 720s; | |
| proxy_send_timeout 720s; | |
| sendfile on; | |
| keepalive_timeout 60; | |
| gzip on; | |
| gzip_min_length 10240; | |
| gzip_comp_level 1; | |
| gzip_vary on; | |
| gzip_proxied expired no-cache no-store private auth; | |
| gzip_types | |
| text/css | |
| text/javascript | |
| text/xml | |
| text/plain | |
| text/x-component | |
| application/javascript | |
| application/x-javascript | |
| application/json | |
| application/xml | |
| application/rss+xml | |
| application/atom+xml | |
| font/truetype | |
| font/opentype | |
| application/vnd.ms-fontobject | |
| image/svg+xml; | |
| reset_timedout_connection on; | |
| send_timeout 60; | |
| keepalive_requests 100000; | |
| open_file_cache max=200000 inactive=60s; | |
| open_file_cache_valid 30s; | |
| open_file_cache_min_uses 2; | |
| open_file_cache_errors on; | |
| tcp_nodelay on; | |
| tcp_nopush on; | |
| # limit the number of connections per single IP | |
| limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m; | |
| # limit the number of requests for a given session | |
| limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s; | |
| # Do not show NGINX version | |
| server_tokens off; | |
| client_max_body_size 4G; | |
| # if the request body size is more than the buffer size, then the entire (or partial) | |
| # request body is written into a temporary file | |
| client_body_buffer_size 128k; | |
| # buffer size for reading client request header -- for testing environment | |
| client_header_buffer_size 3m; | |
| # maximum number and size of buffers for large headers to read from client request | |
| large_client_header_buffers 4 256k; | |
| # read timeout for the request body from client -- for testing environment | |
| client_body_timeout 3m; | |
| # how long to wait for the client to send a request header -- for testing environment | |
| client_header_timeout 3m; | |
| # Hashing | |
| types_hash_max_size 4096; | |
| server_names_hash_bucket_size 128; | |
| # Connection upgrade definition | |
| map $http_upgrade $connection_upgrade { | |
| default upgrade; | |
| '' close; | |
| } | |
| # Proxy Caching | |
| proxy_buffer_size 128k; | |
| proxy_buffers 64 512k; | |
| proxy_busy_buffers_size 512k; | |
| # Redirect HTTP to HTTPS | |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 ipv6only=on default_server; | |
| server_name _; | |
| return 301 https://$host$request_uri; | |
| } | |
| server { | |
| listen 443 ssl http2; | |
| listen [::]:443 ssl http2; | |
| absolute_redirect off; | |
| location /codes { | |
| alias "codes"; | |
| autoindex on; | |
| } | |
| error_page 497 =301 https://$host:443$request_uri; | |
| error_page 400 401 402 | |
| 405 406 408 409 410 411 | |
| 412 413 414 415 416 421 | |
| 429 /codes/400x.html; | |
| error_page 404 /codes/404.html; | |
| error_page 403 /codes/403.html; | |
| error_page 500 501 503 | |
| 504 505 507 /codes/500x.html; | |
| error_page 502 /codes/502.html; | |
| resolver 127.0.0.1 valid=300s; | |
| resolver_timeout 5s; | |
| ssl_certificate keys/forgejo.xvm/web.crt; | |
| ssl_certificate_key keys/forgejo.xvm/web.key; | |
| ssl_dhparam keys/dhparams.pem; | |
| ssl_session_cache shared:le_nginx_SSL:10m; | |
| ssl_session_timeout 1440m; | |
| ssl_session_tickets off; | |
| ssl_protocols TLSv1.2 TLSv1.3; | |
| ssl_prefer_server_ciphers off; | |
| ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; | |
| ssl_stapling off; | |
| ssl_stapling_verify off; | |
| proxy_hide_header X-Frame-Options; | |
| add_header X-XSS-Protection "1; mode=block"; | |
| add_header X-Frame-Options "SAMEORIGIN"; | |
| server_name forgejo.xvm; | |
| proxy_read_timeout 720s; | |
| proxy_connect_timeout 720s; | |
| proxy_send_timeout 720s; | |
| client_max_body_size 6G; | |
| proxy_set_header X-Forwarded-Host $host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header Connection $http_connection; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Host $host; | |
| access_log logs/access.forgejo.log; | |
| error_log logs/error.forgejo.log; | |
| location / { | |
| proxy_redirect off; | |
| proxy_pass http://127.0.0.1:18010; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment