imag/doc/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
worker_rlimit_nofile 16384;  # 1024 * <gb of memory your server has>

events {
    use epoll;
    multi_accept on;
    worker_connections 6144;  # 1024 * <core count your server has>
}

http {
    include mime.types;
    default_type application/octet-stream;

    access_log off;

    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 120;
    types_hash_max_size 2048;
    server_names_hash_bucket_size 256;

    sendfile on;

    server {
        listen 80;
        listen [::]:80;

        server_name imag.example.com;  # or whatever domain you use

        access_log off;

        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name imag.example.com;

        access_log off;

        # letsencrypt ssl certs - you don't have to use LE, but this is just an example
        ssl_certificate /etc/letsencrypt/live/imag.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/imag.example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/imag.example.com/chain.pem;

        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256';
        ssl_prefer_server_ciphers on;

        location / {
            access_log off;

            proxy_pass http://127.0.0.1:19721;  # or wherever your app is running

            proxy_cache_bypass $http_upgrade;
            proxy_http_version 1.1;

            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            client_max_body_size 512M;
            proxy_max_temp_file_size 0;
            proxy_buffering off;
        }
    }
}
Import 2025-01-30 22:43:32 -06:00			`user www-data;`
			`worker_processes auto;`
			`pid /run/nginx.pid;`
			`worker_rlimit_nofile 16384; # 1024 * <gb of memory your server has>`

			`events {`
			`use epoll;`
			`multi_accept on;`
			`worker_connections 6144; # 1024 * <core count your server has>`
			`}`

			`http {`
			`include mime.types;`
			`default_type application/octet-stream;`

			`access_log off;`

			`tcp_nopush on;`
			`tcp_nodelay on;`
			`keepalive_timeout 120;`
			`types_hash_max_size 2048;`
			`server_names_hash_bucket_size 256;`

			`sendfile on;`

			`server {`
			`listen 80;`
			`listen [::]:80;`

			`server_name imag.example.com; # or whatever domain you use`

			`access_log off;`

			`return 301 https://$server_name$request_uri;`
			`}`

			`server {`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`

			`server_name imag.example.com;`

			`access_log off;`

			`# letsencrypt ssl certs - you don't have to use LE, but this is just an example`
			`ssl_certificate /etc/letsencrypt/live/imag.example.com/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/imag.example.com/privkey.pem;`
			`ssl_trusted_certificate /etc/letsencrypt/live/imag.example.com/chain.pem;`

			`ssl_stapling on;`
			`ssl_stapling_verify on;`
			`ssl_session_timeout 1d;`
			`ssl_session_cache shared:MozSSL:10m;`
			`ssl_session_tickets off;`
			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256';`
			`ssl_prefer_server_ciphers on;`

			`location / {`
			`access_log off;`

			`proxy_pass http://127.0.0.1:19721; # or wherever your app is running`

			`proxy_cache_bypass $http_upgrade;`
			`proxy_http_version 1.1;`

			`proxy_set_header Host $host;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`

			`client_max_body_size 512M;`
			`proxy_max_temp_file_size 0;`
			`proxy_buffering off;`
			`}`
			`}`
			`}`