lzlrd · October 18, 2023 03:03
diff --git a/nginx.conf b/nginx.conf
 load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
 load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;
 load_module /usr/lib/nginx/modules/ngx_http_zstd_filter_module.so;
 load_module /usr/lib/nginx/modules/ngx_http_zstd_static_module.so;

 user nginx;

 worker_processes auto;

 error_log /var/log/nginx/error.log notice;

 pid /var/run/nginx.pid;

 pcre_jit on;

 quic_bpf on;

 events {
 	worker_connections 1024;
 }


 http {
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;

 	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 		'$status $body_bytes_sent "$http_referer" '
 		'"$http_user_agent" "$http_x_forwarded_for"';

 	access_log /var/log/nginx/access.log main;

 	sendfile on;

 	aio threads;
 	aio_write on;

 	# directio 8m;
 	# directio_alignment 4096;

 	tcp_nodelay on;
 	tcp_nopush on;

 	brotli on;
 	brotli_types application/atom+xml application/javascript application/json application/vnd.api+json application/rss+xml
 		application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
 		application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
 		font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
 		image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
 	zstd on;
 	zstd_types application/atom+xml application/javascript application/json application/vnd.api+json application/rss+xml
 		application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
 		application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
 		font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
 		image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;

 	keepalive_timeout 60;

 	server_tokens off;

 	http3 on;
 	http2 on;

 	quic_gso on;
 	quic_retry on;

 	ssl_certificate /path/to/your/fullchain.pem;
 	ssl_certificate_key /path/to/your/privkey.pem;
 	ssl_session_timeout 1d;
 	ssl_session_cache shared:MozSSL:10m;
 	ssl_session_tickets off;

 	ssl_conf_command Options KTLS,PrioritizeChaCha;

 	ssl_protocols TLSv1.3;
 	ssl_prefer_server_ciphers off;

 	add_header Strict-Transport-Security "max-age=63072000" always;
 	add_header Alt-Svc 'h3=":443"; ma=86400';

 	ssl_stapling on;
 	ssl_stapling_verify on;

 	ssl_trusted_certificate /path/to/your/chain.pem;

 	ssl_early_data on;

 	ssl_dyn_rec_enable on;

 	ssl_ecdh_curve x25519_kyber768:x25519_kyber512:p384_kyber768:x25519:secp521r1:secp384r1:prime256v1;

 	resolver 1.1.1.1;

 	include /etc/nginx/conf.d/*.conf;
 }
	load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
	load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;
	load_module /usr/lib/nginx/modules/ngx_http_zstd_filter_module.so;
	load_module /usr/lib/nginx/modules/ngx_http_zstd_static_module.so;

	user nginx;

	worker_processes auto;

	error_log /var/log/nginx/error.log notice;

	pid /var/run/nginx.pid;

	pcre_jit on;

	quic_bpf on;

	events {
	worker_connections 1024;
	}


	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;

	sendfile on;

	aio threads;
	aio_write on;

	# directio 8m;
	# directio_alignment 4096;

	tcp_nodelay on;
	tcp_nopush on;

	brotli on;
	brotli_types application/atom+xml application/javascript application/json application/vnd.api+json application/rss+xml
	application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
	application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
	font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
	image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
	zstd on;
	zstd_types application/atom+xml application/javascript application/json application/vnd.api+json application/rss+xml
	application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
	application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
	font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
	image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;

	keepalive_timeout 60;

	server_tokens off;

	http3 on;
	http2 on;

	quic_gso on;
	quic_retry on;

	ssl_certificate /path/to/your/fullchain.pem;
	ssl_certificate_key /path/to/your/privkey.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:MozSSL:10m;
	ssl_session_tickets off;

	ssl_conf_command Options KTLS,PrioritizeChaCha;

	ssl_protocols TLSv1.3;
	ssl_prefer_server_ciphers off;

	add_header Strict-Transport-Security "max-age=63072000" always;
	add_header Alt-Svc 'h3=":443"; ma=86400';

	ssl_stapling on;
	ssl_stapling_verify on;

	ssl_trusted_certificate /path/to/your/chain.pem;

	ssl_early_data on;

	ssl_dyn_rec_enable on;

	ssl_ecdh_curve x25519_kyber768:x25519_kyber512:p384_kyber768:x25519:secp521r1:secp384r1:prime256v1;

	resolver 1.1.1.1;

	include /etc/nginx/conf.d/*.conf;
	}