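# Main nginx configuration: process settings, global TLS policy, security
# response headers and a JSON access-log format. Virtual hosts are pulled in
# from conf.d/*.conf at the end of the http block.
#
# Layout note: each directive and each comment is on its own line. A "#"
# comments out the rest of its physical line, so when this file is collapsed
# onto one line everything after the first "#" is silently disabled.

worker_processes auto;
user nginx nginx;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type text/html;

    sendfile on;
    keepalive_timeout 65;

    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;

    # Compression. "brotli" is not a stock nginx directive; it needs the
    # ngx_brotli module to be built or loaded.
    # NOTE(review): compressing HTTPS responses that reflect request data next
    # to secrets (CSRF tokens, session ids) exposes them to compression
    # side-channels of the BREACH class; confirm per vhost that this is acceptable.
    brotli on;
    gzip on;

    # https://pub.nethence.com/security/ciphers
    # TLS 1.2 and 1.3 only; older protocol versions are not offered.
    ssl_protocols TLSv1.3 TLSv1.2;
    # The client's cipher preference wins, so every suite left enabled below
    # must be acceptable on its own.
    ssl_prefer_server_ciphers off;
    # With OpenSSL this string governs TLS 1.2 and below; TLS 1.3 suites are
    # configured separately.
    # NOTE(review): kGOST and AEAD are not recognised by every TLS library;
    # verify the expanded list with the `ciphers` command of the library nginx
    # is linked against. ECDHE and DHE also match CBC/SHA-1 suites.
    ssl_ciphers ECDHE:DHE:kGOST:AEAD:!aNULL:!eNULL:!RC4:!MD5:!3DES:!AES256-GCM-SHA384:!ECDHE-RSA-AES256-SHA:!ECDHE-ECDSA-AES256-SHA;
    # DH parameters for the DHE suites enabled above.
    # NOTE(review): the file name is spelled "dhparms.pem"; confirm it matches
    # the file on disk and that the group is at least 2048 bits.
    ssl_dhparam /etc/nginx/dhparms.pem;
    # no restriction on ssl_ecdh_curve

    # without includeSubDomains
    # 15552000 seconds (180 days)
    # 31536000 seconds (365 days)
    # 63072000 seconds (730 days)
    add_header Strict-Transport-Security "max-age=15552000" always;
    # "always" added so the header is also sent on nginx-generated error
    # responses (4xx/5xx), consistent with the HSTS line above.
    add_header X-Frame-Options DENY always;
    # add_header is inherited from this level only by server/location blocks
    # that define no add_header of their own. A vhost in conf.d that adds any
    # header must repeat both headers above, or it silently loses them.

    # TLS session resumption. All variants below are commented out, so the
    # nginx defaults apply: ssl_session_cache none, ssl_session_timeout 5m,
    # ssl_session_tickets on (ticket keys generated by nginx itself).

    # jitsi meet
    #ssl_session_cache shared:SSL:10m;
    #ssl_session_timeout 1d;
    #ssl_session_tickets off;

    # what defaults are those?
    #ssl_session_cache shared:SSL:40m;
    #ssl_session_timeout 4h;
    #ssl_session_tickets on;

    # shorter
    #ssl_session_cache shared:SSL:20m;
    #ssl_session_timeout 10m;

    # https://pub.nethence.com/logging/formats-nginx
    # https://pub.nethence.com/logging/flb-nginx
    # JSON access-log format. escape=json escapes quotes, backslashes and
    # control characters in variable values, so client-controlled fields
    # (User-Agent, Referer, URI) cannot break out of their string or forge
    # extra log fields. Every value is emitted as a JSON string.
    # $ssl_ciphers / $ssl_curves are the lists offered by the client;
    # $ssl_cipher / $ssl_curve are the negotiated values.
    # NOTE(review): $request_uri and $http_referer include query strings, which
    # can carry tokens or credentials; restrict access to the logs accordingly.
    # This block only defines the format. No access_log directive here uses it,
    # so it takes effect only where "access_log <path> json;" is set,
    # presumably in conf.d.
    log_format json escape=json '{'
        '"bytes_sent": "$bytes_sent", '
        '"connection_requests": "$connection_requests", '
        '"gzip_ratio": "$gzip_ratio", '
        '"host": "$host", '
        '"http_referrer":"$http_referer", '
        '"http_user_agent": "$http_user_agent", '
        '"remote_addr": "$remote_addr", '
        '"remote_port": "$remote_port", '
        '"remote_user": "$remote_user", '
        '"request_length": "$request_length", '
        '"request_method":"$request_method", '
        '"request_time":"$request_time", '
        '"request_uri":"$request_uri", '
        '"scheme": "$scheme", '
        '"server_protocol": "$server_protocol", '
        '"ssl_ciphers": "$ssl_ciphers", '
        '"ssl_cipher": "$ssl_cipher", '
        '"ssl_curves": "$ssl_curves", '
        '"ssl_curve": "$ssl_curve", '
        '"ssl_protocol": "$ssl_protocol", '
        '"ssl_server_name": "$ssl_server_name", '
        '"status": "$status", '
        '"time_iso8601":"$time_iso8601"'
        '}';

    include conf.d/*.conf;
}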