ivada-infra/nginx-infra
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
nginx-infra/nginx.conf
happybell80 140ededea6
All checks were successful
Deploy Nginx Config to Ubuntu Server / deploy (push) Successful in 2s
Details
docs/ops: apply TLS+upstream fixes and update troubleshooting (251021) 
- nginx: add strict ciphers+curves, keep TLS1.2/1.3 only
- nginx: route /api,/admin to localhost:8100
- DOCS: mark applied/partial items and next steps
2025-10-21 11:51:47 +09:00

100 lines
2.6 KiB
Nginx Configuration File
Raw Blame History

user nginx nginx;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# OS의 bit에 따라 배수로 설정
server_names_hash_bucket_size 64;
# TODO: 성능에 따라 조정필요
# ※ client_max_body_size = client_body_buffer_size -> disk에 기록하지 않는다는 가정의 최적의 튜닝
client_max_body_size 1000M;
client_body_buffer_size 1000M;
# security options
server_tokens off;
fastcgi_hide_header X-Powered-By;
# enhance
# connection timeout(재활용) 0 ~ 최대한 짧게
keepalive_timeout 3;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# Restrict to modern TLS to avoid handshake issues
ssl_protocols TLSv1.2 TLSv1.3; # Drop TLSv1.0/1.1
ssl_prefer_server_ciphers on;
# Harden cipher suite and ECDH curves (mitigate bad key share)
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
ssl_ecdh_curve X25519:secp256r1;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
Reference in New Issue View Git Blame Copy Permalink