From a9b1e9a31d2d9202cbdfef5d42740cb19228c226 Mon Sep 17 00:00:00 2001
From: Nik Afiq
Date: Tue, 30 Sep 2025 14:21:58 +0900
Subject: [PATCH] Changed nginx.conf
---
 nginx.conf | 120 ++++++++++++++++++++++++-----------------------------
 1 file changed, 55 insertions(+), 65 deletions(-)
diff --git a/nginx.conf b/nginx.conf
index 0388fd0..6e21f02 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -6,79 +6,69 @@ error_log /var/log/nginx/error.log; include /etc/nginx/modules-enabled/*.conf; events { - worker_connections 768; - # multi_accept on; + worker_connections 768; + # multi_accept on; } http { + ## + # Basic Settings + ## + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + server_tokens off; # hide version - ## - # Basic Settings - ## + include /etc/nginx/mime.types; + default_type application/octet-stream; - sendfile on; - tcp_nopush on; - types_hash_max_size 2048; - # server_tokens off; + ## + # TLS Defaults (site blocks can override) + ## + ssl_protocols TLSv1.2 TLSv1.3; # drop TLSv1.0/1.1 + ssl_prefer_server_ciphers on; - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; + ## + # Logging (JSON) + ## + log_format json escape=json + '{ "time":"$time_iso8601", "remote_addr":"$remote_addr", "request":"$request", ' + '"status":$status, "body_bytes_sent":$body_bytes_sent, ' + '"referer":"$http_referer", "ua":"$http_user_agent", ' + '"request_time":$request_time, "upstream_time":"$upstream_response_time", ' + '"host":"$host", "uri":"$uri" }'; - include /etc/nginx/mime.types; - default_type application/octet-stream; + access_log /var/log/nginx/access.json json; - ## - # SSL Settings - ## + ## + # Gzip (safe defaults) + ## + gzip on; + gzip_comp_level 5; + gzip_min_length 256; + gzip_vary on; + gzip_proxied any; + gzip_types + text/plain text/css text/javascript application/javascript application/json + application/xml application/rss+xml image/svg+xml font/ttf font/otf; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; + ## + # Rate/Conn limit zones (used in site file) + ## + limit_req_zone $binary_remote_addr zone=api_rps:10m rate=5r/s; + limit_conn_zone $binary_remote_addr zone=perip:10m; - ## - # Logging Settings - ## + ## + # AI bot block map (optional; enforce in server with: if ($block_ai) { return 403; }) + ## + map $http_user_agent $block_ai { + default 0; + 
~*(GPTBot|ChatGPT-User|OAI-SearchBot|CCBot|ClaudeBot|PerplexityBot) 1; + } - access_log /var/log/nginx/access.log; - - ## - # Gzip Settings - ## - - gzip on; - - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # Virtual Host Configs - ## - - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} - - -#mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen localhost:143; -# protocol imap; -# proxy on; -# } -#} \ No newline at end of file + ## + # Virtual Host Configs + ## + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} \ No newline at end of file
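Review bot: The new `access_log /var/log/nginx/access.json json;` line moves the access log off `/var/log/nginx/access.log`, and nothing in this patch updates whatever rotates or reads that file. Packaged logrotate rules for nginx commonly match `/var/log/nginx/*.log`, so the new file may grow unrotated, and any fail2ban jail, shipper or alert that tails `access.log` would silently stop seeing requests; this is inferred, since those configs are not visible here. Either keep the path and change only the format, `access_log /var/log/nginx/access.log json;`, or update the rotation and log-consumer configs in the same change. Separately, the `# Gzip (safe defaults)` block enables `gzip_proxied any;` with `application/json` in `gzip_types`; compressing TLS responses that mix secrets with reflected input is the BREACH precondition, so a comment such as `# do not compress responses carrying tokens/CSRF secrets; disable per location` would make that limit explicit.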