.TH "nbbb.sample" 1 "23rd March 2017" "version: 2.2017.05" "NGINX.CONF SAMPLE" user www\-data; .nf worker_processes auto\; pid /run/nginx.pid; .PP events { worker_connections 1024; multi_accept on; use epoll; } .PP http { .PP .nf .RS ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 90s; keepalive_requests 1000; server_tokens off; client_body_buffer_size 32k; client_header_buffer_size 1k; client_max_body_size 50M; types_hash_max_size 2048; server_names_hash_bucket_size 64; server_names_hash_max_size 4096; large_client_header_buffers 4 16k; # Our request limiter zone for wp\-login attacks (used in Fail2Ban nginx\-limit\-req filter and jail) limit_req_zone $binary_remote_addr zone=wp\-login:10m rate=1r/s; # DDos Mitigation # *************** # https://www.nginx.com/blog/mitigating\-ddos\-attacks\-with\-nginx\-and\-nginx\-plus/ # Limiting the Rate of Requests limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s; # Limiting the Number of Connections limit_conn_zone $binary_remote_addr zone=addr:50m; # Add FastCGI caching # https://www.nginx.com/blog/9\-tips\-for\-improving\-wordpress\-performance\-with\-nginx/ include /etc/nginx/mime.types; default_type application/octet\-stream; ## # SSL Settings ## # Your own SSL settings here if using SSL ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_disable "MSIE [1\-6]\\."; gzip_vary on; gzip_static on; gzip_min_length 20; gzip_proxied expired no\-cache no\-store private auth; gzip_comp_level 7; gzip_buffers 32 4k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript application/x\-javascript text/xml application/xml application/xml+rss text/javascript; ## # Virtual Host Configs ## # Our globalblacklist.conf Bot Blocker Gets Included Because it is placed into the conf.d folder # which is loaded by the include below include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites\-enabled/*; .fi .RE .PP }