ivanionut · August 19, 2018 12:08
diff --git a/nginx.conf b/nginx.conf

 user  nginx;

 # one(1) worker or equal the number of _real_ cpu cores. 4=4 core cpu
 worker_processes  4;

 # renice workers to reduce priority compared to system processes for
 # machine health. worst case nginx will get ~25% system resources at nice=15
 worker_priority -5;

 timer_resolution 100ms;

 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;

 worker_rlimit_nofile 100000;

 events {
    worker_connections  1024;
    use epoll;
    # Accept as many connections as possible, after nginx gets notification about a new connection.
    multi_accept on;
 }


 http {

    server_tokens off;
    server_name_in_redirect off;

    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log  main buffer=16k;
    access_log off;

    # Timeouts, do not keep connections open longer then necessary to reduce
    # resource usage and deny Slowloris type attacks.

    # reset timed out connections freeing ram
    reset_timedout_connection on;
    # maximum time between packets the client can pause when sending nginx any data
    client_body_timeout 10s;
    # maximum time the client has to send the entire header to nginx
    client_header_timeout 10s;
    # timeout which a single keep-alive client connection will stay open
    keepalive_timeout 65s;
    # maximum time between packets nginx is allowed to pause when sending the client data
    send_timeout 10s;

    # number of requests per connection, does not affect SPDY
    keepalive_requests 100; 
  
    # buffers

    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 16k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;

    proxy_buffer_size   128k; 
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

    fastcgi_read_timeout 150;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    types_hash_max_size 2048;
    #postpone_output 0;

    gzip on;
    gzip_vary on;
    gzip_comp_level 2;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain application/json text/xml application/xml;
    gzip_disable "msie6";

    client_max_body_size 20m;

    # fastcgi cache, caching request without session variable initialized by session_start()
    fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=fastcgi_cache:16m max_size=256m inactive=1d;
    fastcgi_temp_path /var/cache/nginx/fastcgi_temp 1 2;

    # DDoS Mitigation 
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn perip 100;

    limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
    limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
    
    include /etc/nginx/conf.d/*.conf;
 }

	user nginx;

	# one(1) worker or equal the number of _real_ cpu cores. 4=4 core cpu
	worker_processes 4;

	# renice workers to reduce priority compared to system processes for
	# machine health. worst case nginx will get ~25% system resources at nice=15
	worker_priority -5;

	timer_resolution 100ms;

	error_log /var/log/nginx/error.log warn;
	pid /var/run/nginx.pid;

	worker_rlimit_nofile 100000;

	events {
	worker_connections 1024;
	use epoll;
	# Accept as many connections as possible, after nginx gets notification about a new connection.
	multi_accept on;
	}


	http {

	server_tokens off;
	server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main buffer=16k;
	access_log off;

	# Timeouts, do not keep connections open longer then necessary to reduce
	# resource usage and deny Slowloris type attacks.

	# reset timed out connections freeing ram
	reset_timedout_connection on;
	# maximum time between packets the client can pause when sending nginx any data
	client_body_timeout 10s;
	# maximum time the client has to send the entire header to nginx
	client_header_timeout 10s;
	# timeout which a single keep-alive client connection will stay open
	keepalive_timeout 65s;
	# maximum time between packets nginx is allowed to pause when sending the client data
	send_timeout 10s;

	# number of requests per connection, does not affect SPDY
	keepalive_requests 100;

	# buffers

	fastcgi_buffer_size 128k;
	fastcgi_buffers 256 16k;
	fastcgi_busy_buffers_size 256k;
	fastcgi_temp_file_write_size 256k;

	proxy_buffer_size 128k;
	proxy_buffers 4 256k;
	proxy_busy_buffers_size 256k;

	fastcgi_read_timeout 150;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;

	types_hash_max_size 2048;
	#postpone_output 0;

	gzip on;
	gzip_vary on;
	gzip_comp_level 2;
	gzip_min_length 1000;
	gzip_proxied expired no-cache no-store private auth;
	gzip_types text/plain application/json text/xml application/xml;
	gzip_disable "msie6";

	client_max_body_size 20m;

	# fastcgi cache, caching request without session variable initialized by session_start()
	fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=fastcgi_cache:16m max_size=256m inactive=1d;
	fastcgi_temp_path /var/cache/nginx/fastcgi_temp 1 2;

	# DDoS Mitigation
	limit_conn_zone $binary_remote_addr zone=perip:10m;
	limit_conn perip 100;

	limit_req_zone $binary_remote_addr zone=engine:10m rate=2r/s;
	limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;

	include /etc/nginx/conf.d/*.conf;
	}