Optimized NGINX Configuration

How I optimized NGINX configuration for my several websites. NGINX is yet robust and powerful web server. Below is my optimized nginx.conf file.

user www-data;worker_processes 16;worker_rlimit_nofile 787695;pid /run/nginx.pid;events {        worker_connections 8192;        multi_accept on;        accept_mutex off;}http {        ##        # Map http agents to block all bots        ##        map $http_user_agent $limit_bots {             default 0;             ~*(ahrefsbot|alexibot|appengine|aqua_products|archive.org_bot|archive|asterias|attackbot|b2w|backdoorbot|becomebot|blackwidow|blekkobot) 1;             ~*(blowfish|botalot|builtbottough|bullseye|bunnyslippers|ccbot|cheesebot|cherrypicker|chinaclaw|chroot|clshttp|collector) 1;             ~*(control|copernic|copyrightcheck|copyscape|cosmos|craftbot|crescent|curl|custo|demon) 1;             ~*(disco|dittospyder|dotbot|download|downloader|dumbot|ecatch|eirgrabber|email|emailcollector) 1;             ~*(emailsiphon|emailwolf|enterprise_search|erocrawler|eventmachine|exabot|express|extractor|extractorpro|eyenetie) 1;             ~*(fairad|flaming|flashget|foobot|foto|gaisbot|getright|getty|getweb!|gigabot) 1;             ~*(github|go!zilla|go-ahead-got-it|go-http-client|grabnet|grafula|grub|hari|harvest|hatena|antenna|hloader) 1;             ~*(hmview|htmlparser|httplib|httrack|humanlinks|ia_archiver|indy|infonavirobot|interget|intraformant) 1;             ~*(iron33|jamesbot|jennybot|jetbot|jetcar|joc|jorgee|kenjin|keyword|larbin|leechftp) 1;             ~*(lexibot|library|libweb|libwww|linkextractorpro|linkpadbot|linkscan|linkwalker|lnspiderguy|looksmart) 1;             ~*(lwp-trivial|mass|mata|midown|miixpc|mister|mj12bot|moget|msiecrawler|naver) 1;             ~*(navroad|nearsite|nerdybot|netants|netmechanic|netspider|netzip|nicerspro|ninja|nutch) 1;             ~*(octopus|offline|openbot|openfind|openlink|pagegrabber|papa|pavuk|pcbrowser|perl) 1;             ~*(perman|picscout|propowerbot|prowebwalker|psbot|pycurl|pyq|pyth|python) 1;             ~*(python-urllib|queryn|quester|radiation|realdownload|reget|retriever|rma|rogerbot|scan|screaming|frog|seo) 1;             ~*(scooter|searchengineworld|searchpreview|semrush|semrushbot|semrushbot-sa|seokicks-robot|sitesnagger|smartdownload|sootle) 1;             ~*(spankbot|spanner|spbot|spider|stanford|stripper|sucker|superbot|superhttp|surfbot|surveybot) 1;             ~*(suzuran|szukacz|takeout|teleport|telesoft|thenomad|tocrawl|tool|true_robot|turingos) 1;             ~*(twengabot|typhoeus|url_spider_pro|urldispatcher|urllib|urly|vampire|vci|voideye|warning) 1;             ~*(webauto|webbandit|webcollector|webcopier|webcopy|webcraw|webenhancer|webfetch|webgo|webleacher) 1;             ~*(webmasterworld|webmasterworldforumbot|webpictures|webreaper|websauger|webspider|webster|webstripper|webvac|webviewer) 1;             ~*(webwhacker|webzip|webzip|wesee|wget|widow|woobot|www-collector-e|wwwoffle|xenu) 1;        }        ##        # Basic Settings        ##        access_log off;        sendfile on;        sendfile_max_chunk 512k;        tcp_nopush on;        tcp_nodelay on;        server_tokens off;        reset_timedout_connection on;        send_timeout 15;        keepalive_timeout 15;        client_body_buffer_size 128k;        client_max_body_size 50m;        client_body_timeout 15;        client_header_timeout 15;        open_file_cache_valid 3m;        open_file_cache max=262565 inactive=5m;        types_hash_max_size 2048;        server_names_hash_max_size 2048;        # server_names_hash_bucket_size 64;        # server_name_in_redirect off;        limit_req_status 403;        limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;        limit_req_zone $binary_remote_addr zone=wp:10m rate=3r/s;        include /etc/nginx/mime.types;        include common/headers-http.conf;        default_type application/octet-stream;        ##        # SSL Settings        ##        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;        ssl_buffer_size 4k;        ssl_session_tickets on;        ssl_session_timeout 1d;        ssl_session_cache shared:SSL:50m;        ssl_dhparam /etc/ssl/dhparam.pem;        ssl_ecdh_curve prime256v1:secp384r1:secp521r1;        ssl_prefer_server_ciphers on;        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RS$        ##        # Logging Settings        ##        access_log /var/log/nginx/access.log;        error_log /var/log/nginx/error.log;        open_log_file_cache max=1000 inactive=30s valid=1m;        log_format we_log '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '        '$http_host "$request" $status $body_bytes_sent '        '"$http_referer" "$http_user_agent"';        ##        # Gzip Settings        ##        gzip on;        gzip_disable "msie6";        gzip_vary on;        gzip_proxied any;        gzip_comp_level 6;        gzip_buffers 32 16k;        gzip_http_version 1.1;        gzip_min_length 250;        gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml $        # Brotli Settings        brotli on;        brotli_comp_level 4;        brotli_buffers 32 8k;        brotli_min_length 100;        brotli_static on;        brotli_types image/jpeg image/bmp image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;        ##        # Virtual Host Configs        ##        include /etc/nginx/conf.d/*.conf;        include /etc/nginx/sites-enabled/*;}

Originally posted 2019-02-21 00:55:11.

See also  Redirecting non-www to www with Nginx on Ubuntu

About wahyuway

Check Also

How To Deploy Droplet on DigitalOcean With Terraform

Hello good people. In today’s blog post we will be showing you how to create …

Leave a Reply