mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-10-31 04:22:52 +00:00
116 lines
4.7 KiB
Nginx Configuration File
116 lines
4.7 KiB
Nginx Configuration File
user nginx;
|
|
worker_processes auto;
|
|
pid /run/nginx.pid;
|
|
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;
|
|
|
|
# OS ENV variables need to be defined here, so Lua can use them
|
|
env TPOT_OSTYPE;
|
|
|
|
# Both modules are needed for Lua, in this exact order
|
|
load_module /usr/lib/nginx/modules/ndk_http_module.so;
|
|
load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
|
|
|
|
events {
|
|
worker_connections 768;
|
|
# multi_accept on;
|
|
}
|
|
|
|
http {
|
|
##
|
|
# Basic Settings
|
|
##
|
|
resolver 127.0.0.11;
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
# server_tokens off;
|
|
|
|
# server_names_hash_bucket_size 64;
|
|
# server_name_in_redirect off;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
##
|
|
# Compression
|
|
##
|
|
|
|
# gzip
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_proxied any;
|
|
gzip_comp_level 6;
|
|
gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;
|
|
|
|
# brotli
|
|
brotli on;
|
|
brotli_static on;
|
|
brotli_comp_level 6;
|
|
brotli_types text/xml image/svg+xml application/x-font-ttf image/vnd.microsoft.icon application/x-font-opentype application/json font/eot application/vnd.ms-fontobject application/javascript font/otf application/xml application/xhtml+xml text/javascript application/x-javascript text/plain application/x-font-truetype application/xml+rss image/x-icon font/opentype text/css image/x-win-bitmap;
|
|
|
|
##
|
|
# SSL Settings
|
|
##
|
|
|
|
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
|
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
##
|
|
# Logging Settings
|
|
##
|
|
|
|
log_format main_json escape=json '{'
|
|
'"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
|
|
'"connection_serial": "$connection", ' # connection serial number
|
|
'"connection_requests": "$connection_requests", ' # number of requests made in connection
|
|
'"pid": "$pid", ' # process pid
|
|
'"request_id": "$request_id", ' # the unique request id
|
|
'"request_length": "$request_length", ' # request length (including headers and body)
|
|
'"src_ip": "$remote_addr", ' # client IP
|
|
'"remote_user": "$remote_user", ' # client HTTP username
|
|
'"src_port": "$remote_port", ' # client port
|
|
'"time_local": "$time_local", '
|
|
'"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
|
|
'"request_data": "$request", ' # full path no arguments if the request
|
|
'"request_uri": "$request_uri", ' # full path and arguments if the request
|
|
'"args": "$args", ' # args
|
|
'"status": "$status", ' # response status code
|
|
'"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
|
|
'"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
|
|
'"http_referer": "$http_referer", ' # HTTP referer
|
|
'"http_user_agent": "$http_user_agent", ' # user agent
|
|
'"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
|
|
'"http_host": "$http_host", ' # the request Host: header
|
|
'"server_name": "$server_name", ' # the name of the vhost serving the request
|
|
'"request_time": "$request_time", ' # request processing time in seconds with msec resolution
|
|
'"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
|
|
'"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
|
|
'"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
|
|
'"upstream_response_time": "$upstream_response_time", ' # time spend receiving upstream body
|
|
'"upstream_response_length": "$upstream_response_length", ' # upstream response length
|
|
'"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
|
|
'"ssl_protocol": "$ssl_protocol", ' # TLS protocol
|
|
'"ssl_cipher": "$ssl_cipher", ' # TLS cipher
|
|
'"scheme": "$scheme", ' # http or https
|
|
'"request_method": "$request_method", ' # request method
|
|
'"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
|
|
'"pipe": "$pipe", ' # “p” if request was pipelined, “.” otherwise
|
|
'"gzip_ratio": "$gzip_ratio", '
|
|
'"http_cf_ray": "$http_cf_ray", '
|
|
'"proxy_host": "$proxy_host"'
|
|
'}';
|
|
|
|
access_log /var/log/nginx/access.log main_json;
|
|
|
|
##
|
|
# Virtual Host Configs
|
|
##
|
|
|
|
include /etc/nginx/conf.d/*.conf;
|
|
include /etc/nginx/sites-enabled/*;
|
|
}
|