# This is the nginx config file for guix-hpc.bordeaux.inria.fr.

# Worker processes run as the unprivileged "nginx" account; this only
# takes effect when the master process is started with root privileges.
user nginx;
# "auto" lets nginx detect the number of CPU cores and size the worker
# pool accordingly.
worker_processes  auto;

# Record only messages of severity "error" and above.
error_log  /var/log/nginx/error.log error;
pid        /var/run/nginx.pid;

# JIT-compile the regular expressions used in this configuration
# (requires a PCRE library built with JIT support).
pcre_jit   on;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections  1024;
}

http {
    # Map file extensions to Content-Type; anything unlisted is served as
    # an opaque download rather than being guessed at.
    include /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # We need to specify all these or nginx picks its own directory to
    # store them, which doesn't work because the store is read-only.
    # NOTE(review): these directories receive request bodies and upstream
    # responses that nginx buffers to disk; confirm they are owned by the
    # worker user and not readable by other local accounts.
    client_body_temp_path /var/run/nginx/body;
    proxy_temp_path       /var/run/nginx/proxy;
    fastcgi_temp_path     /var/run/nginx/fastcgi;
    uwsgi_temp_path       /var/run/nginx/uwsgi;
    scgi_temp_path        /var/run/nginx/scgi;

    # Default access log; both server blocks below set their own
    # access_log, which takes precedence for requests they handle.
    access_log	/var/log/nginx/access.log;

    sendfile        on;

    # Maximum chunk size to send.  Partly this is a workaround
    # for <http://bugs.gnu.org/19939>, but also the nginx docs
    # mention that "Without the limit, one fast connection may
    # seize the worker process entirely."
    # <http://nginx.org/en/docs/http/ngx_http_core_module#sendfile_max_chunk>
    sendfile_max_chunk 1m;

    # Idle keep-alive connections are closed after 65 seconds.
    keepalive_timeout  65;

    server {
	# Plain-HTTP virtual host.
	# NOTE(review): nothing in this server block redirects to HTTPS;
	# whether cleartext access is intended depends on
	# nginx-locations.conf, which is not shown here -- confirm.  If a
	# redirect is added, keep the ACME challenge path reachable should
	# the Let's Encrypt certificate be renewed over HTTP-01.
	listen       80;
	server_name  guix-hpc.bordeaux.inria.fr;
	access_log   /var/log/nginx/http.access.log;

	# Location blocks, also included by the port-443 server below.  The
	# path is relative, so nginx resolves it against its configuration
	# prefix directory.
	include nginx-locations.conf;
    }
    server {
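	# HTTPS virtual host for the same server name as the port-80 block.
	listen       443 ssl;
	server_name  guix-hpc.bordeaux.inria.fr;

        # Certificate chain and private key in the Let's Encrypt "live"
        # layout.  NOTE(review): confirm privkey.pem is readable by root
        # only; the master process loads it, the workers do not need
        # file access to it.
        ssl_certificate     /etc/letsencrypt/live/guix-hpc.bordeaux.inria.fr/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/guix-hpc.bordeaux.inria.fr/privkey.pem;

        # Offer TLS 1.2 only.  SSLv2/SSLv3 were never listed; TLS 1.0 and
        # TLS 1.1 are dropped as well because both are formally deprecated
        # (RFC 8996).  Add TLSv1.3 once the deployed nginx/OpenSSL build
        # is confirmed to support it, and re-add an older version only
        # for a known client that cannot negotiate 1.2.
        ssl_protocols       TLSv1.2;

        # Restrict to OpenSSL's "HIGH" group minus unauthenticated (aNULL)
        # and MD5-based suites, and let the server's ordering win.
        # NOTE(review): what HIGH expands to depends on the OpenSSL
        # version; inspect the effective list with
        #    openssl ciphers -v 'HIGH:!aNULL:!MD5'
        # and confirm no 3DES suites remain.
        ssl_ciphers         HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Use our own DH parameters created with:
        #    openssl dhparam -out dhparams.pem 2048
        # as suggested at <https://weakdh.org/sysadmin.html>.
        ssl_dhparam         /etc/dhparams.pem;

	# NOTE(review): this is the same file the port-80 server logs to, so
	# HTTP and HTTPS requests end up interleaved in http.access.log --
	# confirm that is intended.
	access_log   /var/log/nginx/http.access.log;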

	# Same location blocks as the port-80 server above, so both
	# listeners expose an identical set of paths.
	include nginx-locations.conf;
    }
}