adamvduke · December 16, 2019 16:09 · May 31, 2014 · May 31, 2014
diff --git a/nginx.conf b/nginx.conf
@@ -118,9 +118,15 @@ http {
     text/plain
     text/x-component;
   # text/html is always compressed by HttpGzipModule
-
+
+  # Default server if accessed by naked IP or undefined server_name
+  server {
+    listen 80;
+    listen 443;
+    return 403;
+  }
+
   # Includes
-
   include /etc/nginx/conf.d/*.conf;
   include sites-enabled/*;
 

diff --git a/nginx.conf b/nginx.conf
@@ -0,0 +1,127 @@
+# nginx Configuration File
+# http://wiki.nginx.org/Configuration
+
+# Run as a less privileged user for security reasons.
+user forge;
+
+# How many worker threads to run;
+# "auto" sets it to the number of CPU cores available in the system, and
+# offers the best performance. Don't set it higher than the number of CPU
+# cores if changing this parameter.
+
+# The maximum number of connections for Nginx is calculated by:
+# max_clients = worker_processes * worker_connections
+worker_processes auto;
+
+events {
+  # When you need > 8000 * cpu_cores connections, you start optimizing your OS,
+  # and this is probably the point at which you hire people who are smarter than
+  # you, as this is *a lot* of requests. default is 768.
+  worker_connections 768;
+  multi_accept on;
+}
+
+# Default error log file
+# (this is only used when you don't override error_log on a server{} level)
+error_log  /var/log/nginx/error.log;
+pid        /run/nginx.pid;
+
+http {
+
+  # Hide nginx version information.
+  server_tokens off;
+
+  # Control the maximum length of a virtual host entry
+  # (the length of the domain name)
+  server_names_hash_bucket_size 64;
+
+  # Set the maximum size of the types hash tables
+  types_hash_max_size 2048;
+
+  # Define the MIME types for files.
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+
+  # Update charset_types due to updated mime.types
+  charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json;
+
+  # Format to use in log files
+  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+  # Default log file
+  # (this is only used when you don't override access_log on a server{} level)
+  access_log /var/log/nginx/access.log;
+
+  # How long to allow each connection to stay idle; longer values are better
+  # for each individual client, particularly for SSL, but means that worker
+  # connections are tied up longer. (Default: 65)
+  keepalive_timeout 20;
+
+  # Speed up file transfers by using sendfile() to copy directly
+  # between descriptors rather than using read()/write().
+  sendfile        on;
+
+  # Tell Nginx not to send out partial frames; this increases throughput
+  # since TCP frames are filled up before being sent out. (adds TCP_CORK)
+  tcp_nopush      on;
+
+  # Tell Nginx to enable the Nagle buffering algorithm for TCP packets, which
+  # collates several smaller packets together into one larger packet, thus saving
+  # bandwidth at the cost of a nearly imperceptible increase to latency. (removes TCP_NODELAY)
+  tcp_nodelay     on;
+
+  # Compression
+
+  # Enable Gzip compressed.
+  gzip on;
+
+  # Enable compression both for HTTP/1.0 and HTTP/1.1.
+  gzip_http_version  1.1;
+
+  # Compression level (1-9).
+  # 5 is a perfect compromise between size and cpu usage, offering about
+  # 75% reduction for most ascii files (almost identical to level 9).
+  gzip_comp_level    5;
+
+  # Don't compress anything that's already small and unlikely to shrink much
+  # if at all (the default is 20 bytes, which is bad as that usually leads to
+  # larger files after gzipping).
+  gzip_min_length    256;
+
+  # Compress data even for clients that are connecting to us via proxies,
+  # identified by the "Via" header (required for CloudFront).
+  gzip_proxied       any;
+
+  # Tell proxies to cache both the gzipped and regular version of a resource
+  # whenever the client's Accept-Encoding capabilities header varies;
+  # Avoids the issue where a non-gzip capable client (which is extremely rare
+  # today) would display gibberish if their proxy gave them the gzipped version.
+  gzip_vary          on;
+
+  # Compress all output labeled with one of the following MIME-types.
+  gzip_types
+    application/atom+xml
+    application/javascript
+    application/json
+    application/rss+xml
+    application/vnd.ms-fontobject
+    application/x-font-ttf
+    application/x-web-app-manifest+json
+    application/xhtml+xml
+    application/xml
+    font/opentype
+    image/svg+xml
+    image/x-icon
+    text/css
+    text/plain
+    text/x-component;
+  # text/html is always compressed by HttpGzipModule
+
+  # Includes
+
+  include /etc/nginx/conf.d/*.conf;
+  include sites-enabled/*;
+
+}