| blob | e9f6537ba6acc6e2387ec5679bf6f9ccd865877a |
1 #pid /run/nginx/nginx.pid;
2 error_log stderr;
3 daemon off;
4 events {
5 }
6 http {
7 access_log off;
8 # Load mime types.
9 include nginx.d/mime.types;
10 # When recommendedOptimisation is disabled nginx fails to start because the mailmap mime.types database
11 # contains 1026 entries and the default is only 1024. Setting to a higher number to remove the need to
12 # overwrite it because nginx does not allow duplicated settings.
13 #types_hash_max_size 4096;
14 #include /nix/store/rk0y1aiis5c5rzcamj7i30vywk4m7z88-nginx-1.24.0/conf/fastcgi.conf;
15 #include /nix/store/rk0y1aiis5c5rzcamj7i30vywk4m7z88-nginx-1.24.0/conf/uwsgi_params;
16 default_type application/octet-stream;
17 resolver localhost dns.google one.one.one.one ;
18 # optimisation
19 sendfile on;
20 tcp_nopush on;
21 tcp_nodelay on;
22 keepalive_timeout 65;
23 ssl_protocols TLSv1.2 TLSv1.3;
24 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
25 # Keep in sync with https://ssl-config.mozilla.org/#server=nginx&config=intermediate
26 ssl_session_timeout 1d;
27 ssl_session_cache shared:SSL:10m;
28 # Breaks forward secrecy: https://github.com/mozilla/server-side-tls/issues/135
29 ssl_session_tickets off;
30 # We don't enable insecure ciphers by default, so this allows
31 # clients to pick the most performant, per https://github.com/mozilla/server-side-tls/issues/260
32 ssl_prefer_server_ciphers off;
33 # OCSP stapling
34 ssl_stapling on;
35 ssl_stapling_verify on;
36 #gzip on;
37 #gzip_static on;
38 #gzip_vary on;
39 #gzip_comp_level 5;
40 #gzip_min_length 256;
41 #gzip_proxied expired no-cache no-store private auth;
42 #gzip_types application/atom+xml application/geo+json application/javascript application/json application/ld+json application/manifest+json application/rdf+xml application/vnd.ms-fontobject application/wasm application/x-rss+xml application/x-web-app-manifest+json application/xhtml+xml application/xliff+xml application/xml font/collection font/otf font/ttf image/bmp image/svg+xml image/vnd.microsoft.icon text/cache-manifest text/calendar text/css text/csv text/javascript text/markdown text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/xml;
43 proxy_redirect off;
44 proxy_connect_timeout 60s;
45 proxy_send_timeout 60s;
46 proxy_read_timeout 60s;
47 proxy_http_version 1.1;
48 # don't let clients close the keep-alive connection to upstream. See the nginx blog for details:
49 # https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives
50 proxy_set_header "Connection" "";
51 include nginx.d/proxy-headers.conf;
52 # $connection_upgrade is used for websocket proxying
53 #map $http_upgrade $connection_upgrade {
54 # default upgrade;
55 # '' close;
56 #}
57 client_max_body_size 10m;
58 server_tokens off;
59 server {
60 listen localhost:8080 default_server;
61 location /dns-query {
62 proxy_pass https://dns.google/dns-query
63 include nginx.d/proxy-headers.conf;
64 }
65 location /ielts.md {
66 proxy_pass http://nuc-pek.lb.func.xyz:27104/index.md;
67 include nginx.d/proxy-headers.conf;
68 }
69 location /ielts.html {
70 proxy_pass http://nuc-pek.lb.func.xyz:27104/index.html;
71 include nginx.d/proxy-headers.conf;
72 }
73 }
74 }