From 3ba36187e7943af6492b5899fc6d25e8f4f01482 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C6=ACHE=20=D0=AFAW=20=E2=98=A3?= Date: Tue, 16 Apr 2019 00:39:33 +0200 Subject: [PATCH] Update nginx.conf --- static/nginx.conf | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/static/nginx.conf b/static/nginx.conf index 2abcbda..f5552c3 100644 --- a/static/nginx.conf +++ b/static/nginx.conf @@ -1,6 +1,5 @@ # Suggestions? => https://github.com/theraw/The-World-Is-Yours/issues # Problems? => https://github.com/theraw/The-World-Is-Yours/issues -# Errors? => https://github.com/theraw/The-World-Is-Yours/issues user nginx; pid /var/run/nginx.pid; worker_processes auto; @@ -14,7 +13,6 @@ events { http { # ////////////////////////////////////////////////////// # # =================== START L7 ========================= # - # turn this 'on' if you want to use L7 For every domain hosted in your server testcookie off; testcookie_name DOPEHOSTING; testcookie_secret random; @@ -27,11 +25,9 @@ http { testcookie_p3p 'CP="CUR ADM OUR NOR STA NID", policyref="/w3c/p3p.xml"'; testcookie_fallback /cookies.html?backurl=$scheme://$host$request_uri; - # Those are some ip's whitelisted by me. mostly are search engines. But not everything! testcookie_whitelist { 8.8.8.8/32; 127.0.0.1/32; - # I don't suggest using alot of IPs here as this whitelist can fail!. } testcookie_redirect_via_refresh on; testcookie_refresh_encrypt_cookie on; @@ -57,20 +53,13 @@ http { $geoip2_data_country_code default=US country iso_code; $geoip2_data_country_name country names en; } - - # EX Ban China! - #map $geoip2_data_country_code $allowed_country { - # default yes; - # CN no; - #} # =================== END GEIP ========================= # # ////////////////////////////////////////////////////// # # ////////////////////////////////////////////////////// # # ===================== EXTRA ========================== # - # Don't Go with "Nginx Can Handle Everything" ! limit_conn_zone $server_name zone=max:1m; - limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s; + limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s; # =================== END EXTRA ======================== # # ////////////////////////////////////////////////////// # @@ -91,22 +80,32 @@ http { # ////////////////////////////////////////////////////// # # ==================== GENERAL ========================= # - client_body_buffer_size 1M; - client_header_buffer_size 1M; - client_body_timeout 90s; - client_header_timeout 90s; - client_max_body_size 2M; - keepalive_timeout 10s; - port_in_redirect off; + default_type application/octet-stream; sendfile on; server_names_hash_bucket_size 6969; + server_names_hash_max_size 6969; + resolver 1.1.1.1 8.8.8.8; + client_body_buffer_size 128k; + client_header_buffer_size 5M; + client_max_body_size 128M; + client_body_timeout 30s; + client_header_timeout 30s; + keepalive_timeout 30s; + open_file_cache max=200000 inactive=20s; + open_file_cache_errors on; + open_file_cache_min_uses 2; + open_file_cache_valid 90s; + reset_timedout_connection on; + send_timeout 30s; + port_in_redirect off; server_name_in_redirect off; server_tokens off; tcp_nodelay on; tcp_nopush on; types_hash_max_size 2048; - resolver 8.8.8.8 8.8.4.4; - default_type application/octet-stream; + real_ip_header X-Forwarded-For; + real_ip_recursive on; + set_real_ip_from 127.0.0.1; include /nginx/mime.types; # =================== END GENERAL ====================== # # ////////////////////////////////////////////////////// #