Optimized NGINX Configuration


How I optimized the NGINX configuration for several of my websites. NGINX is a robust and powerful web server. Below is my optimized nginx.conf file.

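# Main nginx.conf: worker sizing, a User-Agent blocklist map, request-rate
# zones, TLS, logging and compression defaults shared by every virtual host
# pulled in by the include lines at the bottom.
#
# Changes from the listing as published:
#   * one directive per line (the published text was collapsed);
#   * `access_log off;` removed from Basic Settings (see Logging Settings);
#   * TLSv1.1 removed from ssl_protocols;
#   * ssl_ciphers and gzip_types were cut off at a `$` marker in the published
#     listing; both are closed after the last complete entry that was visible.

user www-data;
worker_processes 16;
worker_rlimit_nofile 787695;
pid /run/nginx.pid;

events {
    worker_connections 8192;
    multi_accept on;
    accept_mutex off;
}

http {
    ##
    # Map http agents to block all bots
    ##
    # $limit_bots is 1 when the User-Agent header matches any token below
    # (~* = case-insensitive regex), otherwise 0. This file only defines the
    # variable; presumably a server block in the included vhost files tests
    # it and rejects the request -- verify there, the map alone blocks nothing.
    #
    # Caveats for whoever enables it:
    #   * User-Agent is chosen by the client, so this is traffic hygiene,
    #     not access control.
    #   * The tokens are unanchored substrings. Short ones (archive, control,
    #     email, library, mass, scan, seo, tool, ...) match any User-Agent
    #     that merely contains them.
    #   * curl, wget, python, perl, go-http-client and github also match
    #     common monitoring, webhook and deployment clients.
    #   * NOTE(review): `hatena|antenna` and `screaming|frog` look like
    #     two-word names split into separate alternatives -- confirm intent.
    map $http_user_agent $limit_bots {
        default 0;
        ~*(ahrefsbot|alexibot|appengine|aqua_products|archive.org_bot|archive|asterias|attackbot|b2w|backdoorbot|becomebot|blackwidow|blekkobot) 1;
        ~*(blowfish|botalot|builtbottough|bullseye|bunnyslippers|ccbot|cheesebot|cherrypicker|chinaclaw|chroot|clshttp|collector) 1;
        ~*(control|copernic|copyrightcheck|copyscape|cosmos|craftbot|crescent|curl|custo|demon) 1;
        ~*(disco|dittospyder|dotbot|download|downloader|dumbot|ecatch|eirgrabber|email|emailcollector) 1;
        ~*(emailsiphon|emailwolf|enterprise_search|erocrawler|eventmachine|exabot|express|extractor|extractorpro|eyenetie) 1;
        ~*(fairad|flaming|flashget|foobot|foto|gaisbot|getright|getty|getweb!|gigabot) 1;
        ~*(github|go!zilla|go-ahead-got-it|go-http-client|grabnet|grafula|grub|hari|harvest|hatena|antenna|hloader) 1;
        ~*(hmview|htmlparser|httplib|httrack|humanlinks|ia_archiver|indy|infonavirobot|interget|intraformant) 1;
        ~*(iron33|jamesbot|jennybot|jetbot|jetcar|joc|jorgee|kenjin|keyword|larbin|leechftp) 1;
        ~*(lexibot|library|libweb|libwww|linkextractorpro|linkpadbot|linkscan|linkwalker|lnspiderguy|looksmart) 1;
        ~*(lwp-trivial|mass|mata|midown|miixpc|mister|mj12bot|moget|msiecrawler|naver) 1;
        ~*(navroad|nearsite|nerdybot|netants|netmechanic|netspider|netzip|nicerspro|ninja|nutch) 1;
        ~*(octopus|offline|openbot|openfind|openlink|pagegrabber|papa|pavuk|pcbrowser|perl) 1;
        ~*(perman|picscout|propowerbot|prowebwalker|psbot|pycurl|pyq|pyth|python) 1;
        ~*(python-urllib|queryn|quester|radiation|realdownload|reget|retriever|rma|rogerbot|scan|screaming|frog|seo) 1;
        ~*(scooter|searchengineworld|searchpreview|semrush|semrushbot|semrushbot-sa|seokicks-robot|sitesnagger|smartdownload|sootle) 1;
        ~*(spankbot|spanner|spbot|spider|stanford|stripper|sucker|superbot|superhttp|surfbot|surveybot) 1;
        ~*(suzuran|szukacz|takeout|teleport|telesoft|thenomad|tocrawl|tool|true_robot|turingos) 1;
        ~*(twengabot|typhoeus|url_spider_pro|urldispatcher|urllib|urly|vampire|vci|voideye|warning) 1;
        ~*(webauto|webbandit|webcollector|webcopier|webcopy|webcraw|webenhancer|webfetch|webgo|webleacher) 1;
        ~*(webmasterworld|webmasterworldforumbot|webpictures|webreaper|websauger|webspider|webster|webstripper|webvac|webviewer) 1;
        ~*(webwhacker|webzip|webzip|wesee|wget|widow|woobot|www-collector-e|wwwoffle|xenu) 1;
    }

    ##
    # Basic Settings
    ##
    # The published listing had `access_log off;` here. At one configuration
    # level `off` cancels every access_log directive, so it silently disabled
    # the access_log line in Logging Settings below. It is removed so request
    # logs exist for incident response and for tuning the rules above.
    sendfile on;
    sendfile_max_chunk 512k;
    tcp_nopush on;
    tcp_nodelay on;
    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;
    reset_timedout_connection on;
    # 15-second timeouts bound how long a slow or idle client holds a connection.
    send_timeout 15;
    keepalive_timeout 15;
    client_body_buffer_size 128k;
    # Upper bound on request body size for every vhost that does not override it.
    client_max_body_size 50m;
    client_body_timeout 15;
    client_header_timeout 15;
    open_file_cache_valid 3m;
    open_file_cache max=262565 inactive=5m;
    types_hash_max_size 2048;
    server_names_hash_max_size 2048;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    # Rate-limit zones keyed by client address. They only reserve shared
    # memory and a rate; nothing is limited until a server/location block
    # references one with `limit_req zone=...` (not present in this file).
    # Requests rejected by a limit are answered with 403 (limit_req_status).
    # NOTE(review): if nginx sits behind a proxy or CDN, $binary_remote_addr
    # is the proxy's address and all clients share one bucket -- confirm.
    limit_req_status 403;
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
    limit_req_zone $binary_remote_addr zone=wp:10m rate=3r/s;

    include /etc/nginx/mime.types;
    # Relative include; its contents are not shown in the published listing.
    include common/headers-http.conf;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    # TLSv1.1 (enabled in the published listing) is dropped: it is formally
    # deprecated by RFC 8996.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_buffer_size 4k;
    # NOTE(review): no ssl_session_ticket_key is set, so the ticket key lives
    # in memory for as long as this configuration is loaded. A long-lived key
    # weakens forward secrecy for TLS 1.2 sessions resumed by ticket; rotate
    # it or turn tickets off if that matters for these sites.
    ssl_session_tickets on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    # Only consulted for DHE key exchange; every cipher visible below is ECDHE.
    ssl_dhparam /etc/ssl/dhparam.pem;
    ssl_ecdh_curve prime256v1:secp384r1:secp521r1;
    ssl_prefer_server_ciphers on;
    # The published list was truncated after `ECDHE-RS` with the closing quote
    # missing. The partial entry is dropped; any ciphers that followed it are
    # not recoverable from the listing.
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384';

    ##
    # Logging Settings
    ##
    # No format name is given, so this log uses nginx's predefined "combined"
    # format. The we_log format below is only defined here; a vhost has to
    # name it in its own access_log directive to use it.
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    open_log_file_cache max=1000 inactive=30s valid=1m;
    log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
                      '$http_host "$request" $status $body_bytes_sent '
                      '"$http_referer" "$http_user_agent"';

    ##
    # Gzip Settings
    ##
    # Compressing TLS responses that mix secrets (tokens, CSRF values) with
    # attacker-influenced input exposes them to compression side channels
    # (BREACH). Disable compression on such endpoints in the relevant vhost.
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 32 16k;
    gzip_http_version 1.1;
    gzip_min_length 250;
    # The published list was truncated after application/xml; later types are
    # not recoverable from the listing.
    gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml;

    # Brotli Settings
    # These directives come from the third-party ngx_brotli module; without it
    # nginx refuses to load the configuration ("unknown directive").
    # The compression side-channel caveat above applies here as well.
    brotli on;
    brotli_comp_level 4;
    brotli_buffers 32 8k;
    brotli_min_length 100;
    brotli_static on;
    brotli_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;

    ##
    # Virtual Host Configs
    ##
    # sites-enabled/* has no extension filter: every file in that directory is
    # parsed as configuration, including stray backups or editor swap files.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}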
