user {{ data.user }}; pid {{ data.pid}}; worker_processes {{ data.worker_processes }}; worker_rlimit_nofile 65535; events { multi_accept on; worker_connections 65535; } http { charset utf-8; sendfile on; tcp_nopush on; tcp_nodelay on; server_tokens off; log_not_found off; types_hash_max_size 2048; client_max_body_size {{ data.client_max_body_size }}M; # MIME include mime.types; default_type application/octet-stream; # logging access_log {{ isAccessLog() ? data.access_log : 'off' }}; error_log {{ isErrorLog() ? data.error_log : '/dev/null' }}; # limits limit_req_log_level warn; limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m; # SSL ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # Diffie-Hellman parameter for DHE ciphersuites ssl_dhparam /etc/nginx/dhparam.pem; # {{ data.ssl_profile }} configuration ssl_protocols {{ sslProfiles[ data.ssl_profile ].protocols }}; ssl_ciphers {{ sslProfiles[ data.ssl_profile ].ciphers }}; ssl_prefer_server_ciphers on; # OCSP Stapling ssl_stapling on; ssl_stapling_verify on; resolver {{ (isResolverCloudflare() ? '1.1.1.1 1.0.0.1 ' : '') + (isResolverGoogle() ? '8.8.8.8 8.8.4.4 ' : '') + (isResolverOpenDNS() ? '208.67.222.222 208.67.220.220 ' : '') }}valid=60s; resolver_timeout 2s; # load configs include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; # {{ !data.non_www ? 'www.' : '' }}{{ domain() }} }