user www-data; worker_processes auto; pid /run/nginx.pid; events { worker_connections 1024; multi_accept on; use epoll; } http { ## SAMPLE nginx.conf file ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 90s; keepalive_requests 1000; server_tokens off; client_body_buffer_size 32k; client_header_buffer_size 1k; client_max_body_size 50M; types_hash_max_size 2048; server_names_hash_bucket_size 64; server_names_hash_max_size 4096; large_client_header_buffers 4 16k; # Our request limiter zone for wp-login attacks (used in Fail2Ban nginx-limit-req filter and jail) limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s; # DDos Mitigation # *************** # https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/ # Limiting the Rate of Requests limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s; # Limiting the Number of Connections limit_conn_zone $binary_remote_addr zone=addr:50m; # Add FastCGI caching # https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/ include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## # Your own SSL settings here if using SSL ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_disable "MSIE [1-6]\."; gzip_vary on; gzip_static on; gzip_min_length 20; gzip_proxied expired no-cache no-store private auth; gzip_comp_level 7; gzip_buffers 32 4k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; ## # Virtual Host Configs ## # Our globalblacklist.conf Bot Blocker Gets Included Because it is placed into the conf.d folder # which is loaded by the include below include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; }