Update nginx.conf

proteinevolution · May 29, 2017 · 2ab97b8 · 2ab97b8
1 parent 62a6575
commit 2ab97b8
Showing 1 changed file with 56 additions and 80 deletions.
diff --git a/doc/nginx/nginx.conf b/doc/nginx/nginx.conf
@@ -1,91 +1,67 @@
 user www-data;
+worker_processes auto;
 pid /run/nginx.pid;
 
-worker_processes  auto;
-
 # limit the maximum number of open files
 #worker_rlimit_nofile 128000;
 
 events {
-    worker_connections  8192;
+	worker_connections 8192;
+	# multi_accept on;
 }
 
 http {
-  include       mime.types;
-  default_type  application/octet-stream;
-  server_tokens off;
-
-  sendfile        on;
-  keepalive_timeout  65;
-
-  proxy_buffering    off;
-  proxy_set_header   X-Real-IP $remote_addr;
-  proxy_set_header   X-Forwarded-Proto $scheme;
-  proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header   Host $http_host;
-  proxy_http_version 1.1;
-  #websocket
-  proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection "upgrade";
-
-  # custom error page if natty is not running
-  proxy_intercept_errors on;
-  error_page 500 502 503 504 @errorpage;
-
-  #disable access logging
-  access_log off;
-
-  upstream my-backend {
-     server 127.0.0.1:9000;
-  }
-
-  server {
-	listen       80;
-
-	server_name _;
-	return 301 https://$host$request_uri;
-
-   # server_name rye.tuebingen.mpg.de;
-   # location / {
-   #    proxy_pass http://my-backend;
-   # }
-   # location /ganglia {
-   #    alias /usr/share/ganglia-webfrontend;
-   #    allow 10.0.0.0/8;
-   #    deny all;
-   # }
-  }
-
-  server {
-    listen               443;
-    ssl                  on;
-
-    # http://www.selfsignedcertificate.com/ is useful for development testing
-    ssl_certificate      /etc/ssl/certs/toolkit-chain.pem;
-    ssl_certificate_key  /etc/ssl/private/toolkit-key.pem;
-
-    # From https://bettercrypto.org/static/applied-crypto-hardening.pdf
-    ssl_prefer_server_ciphers on;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
-    ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
-    add_header Strict-Transport-Security max-age=15768000; # six months
-    # use this only if all subdomains support HTTPS!
-    # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"
-
-    keepalive_timeout    70;
-    server_name _;
-
-
-    location / {
-	proxy_pass  http://my-backend;
-	client_body_in_file_only clean;
-	client_body_buffer_size 128k;
-	client_max_body_size 30m;
-    }
-
-    location @errorpage {
-    	root /ebio/toolkit_rye/user/toolkit/Toolkit/doc/nginx/;
-	index underConstruction.html;
-    }
-  }
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+	#access_log /var/log/nginx/access.log;
+	access_log off;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
 }