https://kangtain.com/wiki/index.php?action=history&feed=atom&title=HestiaCP%3ANginx.conf 2026-05-12T19:12:51Z Revision history for this page on the wiki MediaWiki 1.45.1 https://kangtain.com/wiki/index.php?title=HestiaCP:Nginx.conf&diff=7762&oldid=prev 2023-01-18T11:00:21Z

<p>Created page with &quot;Configurasi &lt;code&gt;nginx.conf&lt;/code&gt; default&lt;syntaxhighlight lang=&quot;nginx&quot; line=&quot;1&quot;&gt; # Server globals user www-data; worker_processes auto; worker_rlimit_nofile 65535; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; # Worker config events { worker_connections 1024; use epoll; multi_accept on; } http { #...&quot;</p> <p><b>New page</b></p><div>Configurasi &lt;code&gt;nginx.conf&lt;/code&gt; default&lt;syntaxhighlight lang=&quot;nginx&quot; line=&quot;1&quot;&gt;<br /> # Server globals<br /> user www-data;<br /> worker_processes auto;<br /> worker_rlimit_nofile 65535;<br /> error_log /var/log/nginx/error.log;<br /> pid /var/run/nginx.pid;<br /> <br /> include /etc/nginx/modules-enabled/*.conf;<br /> <br /> # Worker config<br /> events {<br /> worker_connections 1024;<br /> use epoll;<br /> multi_accept on;<br /> }<br /> <br /> http {<br /> # Main settings<br /> sendfile on;<br /> tcp_nopush on;<br /> tcp_nodelay on;<br /> client_header_timeout 180s;<br /> client_body_timeout 180s;<br /> client_header_buffer_size 2k;<br /> client_body_buffer_size 256k;<br /> client_max_body_size 256m;<br /> large_client_header_buffers 4 8k;<br /> send_timeout 60s;<br /> keepalive_timeout 30s;<br /> keepalive_requests 100000;<br /> reset_timedout_connection on;<br /> server_tokens off;<br /> server_name_in_redirect off;<br /> server_names_hash_max_size 512;<br /> server_names_hash_bucket_size 512;<br /> charset utf-8;<br /> <br /> # FastCGI settings<br /> fastcgi_buffers 4 256k;<br /> fastcgi_buffer_size 256k;<br /> fastcgi_busy_buffers_size 256k;<br /> fastcgi_temp_file_write_size 256k;<br /> fastcgi_connect_timeout 30s;<br /> fastcgi_read_timeout 300s;<br /> fastcgi_send_timeout 180s;<br /> fastcgi_cache_lock on;<br /> fastcgi_cache_lock_timeout 5s;<br /> fastcgi_cache_background_update on;<br /> fastcgi_cache_revalidate on;<br /> <br /> # Proxy settings<br /> proxy_redirect off;<br /> proxy_set_header Host $host;<br /> proxy_set_header X-Real-IP $remote_addr;<br /> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br /> proxy_pass_header Set-Cookie;<br /> proxy_buffers 32 4k;<br /> proxy_connect_timeout 30s;<br /> proxy_read_timeout 300s;<br /> proxy_send_timeout 180s;<br /> <br /> # Log format<br /> log_format main &#039;$remote_addr - $remote_user [$time_local] $request &#039;<br /> &#039;&quot;$status&quot; $body_bytes_sent &quot;$http_referer&quot; &#039;<br /> &#039;&quot;$http_user_agent&quot; &quot;$http_x_forwarded_for&quot;&#039;;<br /> log_format bytes &#039;$body_bytes_sent&#039;;<br /> log_not_found off;<br /> access_log off;<br /> <br /> # Mime settings<br /> include /etc/nginx/mime.types;<br /> default_type application/octet-stream;<br /> <br /> # Compression<br /> gzip on;<br /> gzip_static on;<br /> gzip_vary on;<br /> gzip_comp_level 6;<br /> gzip_min_length 1024;<br /> gzip_buffers 16 8k;<br /> gzip_http_version 1.1;<br /> gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;<br /> gzip_proxied any;<br /> gzip_disable &quot;MSIE [1-6]\.&quot;;<br /> <br /> # Cloudflare https://www.cloudflare.com/ips<br /> set_real_ip_from 103.21.244.0/22;<br /> set_real_ip_from 103.22.200.0/22;<br /> set_real_ip_from 103.31.4.0/22;<br /> set_real_ip_from 104.16.0.0/13;<br /> set_real_ip_from 104.24.0.0/14;<br /> set_real_ip_from 108.162.192.0/18;<br /> set_real_ip_from 131.0.72.0/22;<br /> set_real_ip_from 141.101.64.0/18;<br /> set_real_ip_from 162.158.0.0/15;<br /> set_real_ip_from 172.64.0.0/13;<br /> set_real_ip_from 173.245.48.0/20;<br /> set_real_ip_from 188.114.96.0/20;<br /> set_real_ip_from 190.93.240.0/20;<br /> set_real_ip_from 197.234.240.0/22;<br /> set_real_ip_from 198.41.128.0/17;<br /> # set_real_ip_from 2400:cb00::/32;<br /> # set_real_ip_from 2405:8100::/32;<br /> # set_real_ip_from 2405:b500::/32;<br /> # set_real_ip_from 2606:4700::/32;<br /> # set_real_ip_from 2803:f800::/32;<br /> # set_real_ip_from 2a06:98c0::/29;<br /> # set_real_ip_from 2c0f:f248::/32;<br /> real_ip_header CF-Connecting-IP;<br /> <br /> # SSL PCI compliance<br /> ssl_session_cache shared:SSL:20m;<br /> ssl_session_timeout 60m;<br /> ssl_buffer_size 1400;<br /> ssl_protocols TLSv1.2 TLSv1.3;<br /> ssl_prefer_server_ciphers on;<br /> ssl_ciphers &quot;ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS&quot;;<br /> ssl_dhparam /etc/ssl/dhparam.pem;<br /> ssl_ecdh_curve secp384r1;<br /> ssl_session_tickets off;<br /> resolver 8.8.4.4 8.8.8.8 valid=300s ipv6=off;<br /> resolver_timeout 5s;<br /> <br /> # Error pages<br /> error_page 403 /error/404.html;<br /> error_page 404 /error/404.html;<br /> error_page 410 /error/410.html;<br /> error_page 500 501 502 503 504 505 /error/50x.html;<br /> <br /> # Proxy cache<br /> proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;<br /> proxy_cache_key &quot;$scheme$request_method$host$request_uri&quot;;<br /> proxy_temp_path /var/cache/nginx/temp;<br /> proxy_ignore_headers Expires Cache-Control;<br /> proxy_cache_use_stale error timeout invalid_header http_502;<br /> proxy_cache_valid any 1d;<br /> <br /> # FastCGI cache<br /> fastcgi_cache_path /var/cache/nginx/micro levels=1:2 keys_zone=microcache:10m max_size=1024m inactive=30m;<br /> fastcgi_cache_key &quot;$scheme$request_method$host$request_uri&quot;;<br /> fastcgi_cache_methods GET HEAD;<br /> fastcgi_cache_use_stale updating error timeout invalid_header http_500 http_503;<br /> fastcgi_ignore_headers Cache-Control Expires Set-Cookie;<br /> add_header X-FastCGI-Cache $upstream_cache_status;<br /> <br /> # Cache bypass<br /> map $http_cookie $no_cache {<br /> default 0;<br /> ~SESS 1;<br /> ~wordpress_logged_in 1;<br /> }<br /> <br /> # File cache (static assets)<br /> open_file_cache max=10000 inactive=30s;<br /> open_file_cache_valid 60s;<br /> open_file_cache_min_uses 2;<br /> open_file_cache_errors off;<br /> <br /> # Wildcard include<br /> include /etc/nginx/conf.d/*.conf;<br /> include /etc/nginx/conf.d/domains/*.conf;<br /> }<br /> <br /> &lt;/syntaxhighlight&gt;<br /> [[Category:Nginx]]<br /> [[Category:Server]]<br /> [[Category:HestiaCP]]<br /> [[Category:Ubuntu]]<br /> [[Category:Linux]]</div>

Kangtain