theraw/The-World-Is-Yours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

2026
build-and-publish / build (push) Has been cancelled
Details

Browse Source
This commit is contained in:
root
2026-04-26 01:38:39 +00:00
parent 51b6eaa694
commit 6689fd295b
6 changed files with 39 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files
static/nginx/nginx.conf
+14 -17
View File
@@ -8,7 +8,7 @@
user nginx;
pid /var/run/nginx.pid;
worker_processes auto;
worker_cpu_affinity auto; # Pin workers to cores for L1/L2 locality.
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
events {
@@ -32,8 +32,6 @@ http {
# =================== END LOGS ========================= #
# ==================== GENERAL ========================= #
# Header buffers — keep small. The previous 2M default was a memory
# amplification target (per-conn × worker_connections = absurd worst case).
client_header_buffer_size 4k;
large_client_header_buffers 4 16k;
client_body_buffer_size 16k;
@@ -41,10 +39,10 @@ http {
client_body_timeout 30s;
client_header_timeout 30s;
send_timeout 30s;
reset_timedout_connection on; # Free sockets fast under churn.
keepalive_timeout 65s; # Amortise TCP setup across requests.
keepalive_requests 10000; # Default 1000 too low for HTTP/2.
max_headers 100; # nginx 1.29.8 — slowloris defence.
reset_timedout_connection on;
keepalive_timeout 65s;
keepalive_requests 2000;
max_headers 100;
port_in_redirect off;
sendfile on;
sendfile_max_chunk 1m;
@@ -53,8 +51,6 @@ http {
server_tokens off;
server_name_in_redirect off;
# 5,000+ vhost hash sizing. _max_size must exceed total server names;
# _bucket_size must be a CPU-cache-line multiple (32/64/128/256/512/1024).
server_names_hash_bucket_size 128;
server_names_hash_max_size 32768;
types_hash_max_size 4096;
@@ -67,14 +63,13 @@ http {
# ===================== TLS ============================ #
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off; # TLS 1.3 ciphers, client picks.
ssl_session_cache shared:SSL:200m; # ~800k sessions shared across workers
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:200m;
ssl_session_timeout 1d;
ssl_session_tickets off; # Off unless you have ticket-key rotation.
ssl_stapling on; # OCSP stapling — avoid per-handshake OCSP lookups.
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
# ===================== END TLS ======================== #
resolver 1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout 5s;
default_type application/octet-stream;
@@ -86,9 +81,6 @@ http {
}
# ==================== COMPRESSION ===================== #
# Compiled in, now actually enabled. Bandwidth saving on text responses
# is typically 60-80% for HTML/JSON/CSS/JS/SVG. Comp level 4 is the
# sweet spot for CPU vs ratio on shared hosting.
gzip on;
gzip_vary on;
gzip_proxied any;
@@ -100,6 +92,11 @@ http {
brotli_comp_level 4;
brotli_min_length 256;
brotli_types text/plain text/css text/xml application/json application/javascript application/xml application/xml+rss application/atom+xml image/svg+xml font/ttf font/otf font/woff font/woff2;
zstd on;
zstd_comp_level 4;
zstd_min_length 256;
zstd_types text/plain text/css text/xml application/json application/javascript application/xml application/xml+rss application/atom+xml image/svg+xml font/ttf font/otf font/woff font/woff2;
# =================== END COMPRESSION ================== #
# =================== END GENERAL ====================== #