#-----------------------------------------------#
# Основная конфигурация сервера Nginx
#-----------------------------------------------#
worker_processes 1;
pid "%sprogdir%/userdata/temp/nginx.pid";
error_log "%sprogdir%/userdata/logs/%httpdriver%_error.log" warn;
events {
worker_connections 1024;
}
http {
include "%sprogdir%/modules/http/%httpdriver%/conf/mimen.types";
error_log "%sprogdir%/userdata/logs/%httpdriver%_error.log" warn;
default_type application/octet-stream;
%httpcharset%
log_format main '$host: $remote_addr [$time_local] '
'"$request" "$http_referer" $status $bytes_sent '
'"$http_user_agent" "$http_x_forwarded_for"';
%logstring%
autoindex on;
tcp_nopush on;
tcp_nodelay on;
reset_timedout_connection on;
ignore_invalid_headers off;
server_tokens off;
server_name_in_redirect off;
keepalive_timeout 60 60;
client_header_timeout 1m;
send_timeout 1m;
#-----------------------------------------------#
# Конфигурация буферов
#-----------------------------------------------#
client_body_timeout 1m;
client_body_buffer_size 256k;
client_header_buffer_size 4k;
client_max_body_size 50m;
large_client_header_buffers 4 8k;
server_names_hash_bucket_size 512;
server_names_hash_max_size 4096;
#-----------------------------------------------#
# Конфигурация GZIP
#-----------------------------------------------#
gzip on;
gzip_buffers 4 64k;
gzip_comp_level 6;
gzip_disable "msie6";
gzip_min_length 32768;
gzip_proxied any;
gzip_static off;
gzip_vary on;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
#-----------------------------------------------#
# Указание временных каталогов
#-----------------------------------------------#
client_body_temp_path "%sprogdir%/userdata/temp" 1 2;
fastcgi_temp_path "%sprogdir%/userdata/temp" 1 2;
proxy_temp_path "%sprogdir%/userdata/temp" 1 2;
scgi_temp_path "%sprogdir%/userdata/temp" 1 2;
uwsgi_temp_path "%sprogdir%/userdata/temp" 1 2;
#-----------------------------------------------#
# Конфигурация SSL
#-----------------------------------------------#
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
ssl_session_cache builtin:5000;
ssl_dhparam "%sprogdir%/userdata/config/dhparam.pem";
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 10m;
#-----------------------------------------------#
# Внимание!
# Служебная конфигурация хоста сервера Nginx
# Данный блок не предназначен для модификации!
# Первичный виртуальный хост "по умолчанию"
#-----------------------------------------------#
server {
listen %ip%:%httpport% default_server;
listen %ip%:%httpsport% default_server ssl;
ssl_certificate "%sprogdir%/userdata/config/server.crt";
ssl_certificate_key "%sprogdir%/userdata/config/server.key";
#add_header Strict-Transport-Security "max-age=94608000; includeSubDomains; preload";
location / {
root %sprogdir%/modules/system/html/default;
index index.html;
}
location ^~ /apacheicons/ {
alias %sprogdir%/modules/http/%httpdriver%/icons/;
}
location ^~ /apacheerror/ {
alias %sprogdir%/modules/http/%httpdriver%/error/;
}
# Подключение веб-инструментов
#---------------------------------------#
# <Не изменяйте этот блок конфигурации>
location /openserver/ {
%allow%allow all;
allow 127.0.0.0/8;
allow ::1/128;
allow %ips%;
deny all;
location /openserver/server-status {
stub_status on;
}
proxy_buffer_size 64k;
proxy_buffering on;
proxy_buffers 4 64k;
proxy_connect_timeout 5s;
proxy_ignore_client_abort off;
proxy_intercept_errors off;
proxy_pass http://%ips%:%httpbackport%/openserver/;
proxy_pass_header Server;
proxy_read_timeout 5m;
proxy_redirect off;
proxy_send_timeout 5m;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
location ~* ^/openserver/.+\.(jpg|jpeg|gif|png|ico|css|js|cur|swf)$ {
root "%sprogdir%/modules/system/html";
expires 7d;
}
}
# <Не изменяйте этот блок конфигурации/>
#---------------------------------------#
}
#---------------------------------------------#
# Конец конфигурации хоста "по умолчанию"
#---------------------------------------------#