[GH-ISSUE #303] Add some suggested configurations to the http directive block #5941

New issue

Closed

opened 2026-03-01 17:08:12 +03:00 by kerem · 0 comments

kerem commented

2026-03-01 17:08:12 +03:00

Owner

Originally created by @jearton on GitHub (Feb 19, 2024).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/303

Is your feature request related to a problem? Please describe.
No

Describe the solution you'd like

# run nginx in foreground in docker container
daemon off;

# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;

# Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf;

http {
    charset                     UTF-8;
    sendfile                    on;
    tcp_nopush                  on;
    tcp_nodelay                 on;
    server_tokens               off;
    log_not_found               off;
    types_hash_max_size         2048;
    types_hash_bucket_size      64;

    # Connection header for WebSocket reverse proxy
    map $http_upgrade $http_connection {
        default upgrade;
        ""      close;
    }

    # Whether to access static resources
    map $uri $not_static {
        default 1;
        ~*^.*\.(css|css\.map|js|js\.map|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|txt|svgz?|ttf|ttc|otf|eot|woff2?)$ 0;
    }
    
    # Whether to write access_log
    map $status:$not_static $loggable {
        ~(^4|0$)    0;
        default     1;
    }

    # SSL
    ssl_session_timeout         1d;
    ssl_session_cache           shared:SSL:10m;
    ssl_session_tickets         off;
    
    # Diffie-Hellman parameter for DHE ciphersuites
    ssl_dhparam                 /etc/nginx/dhparam.pem;
    
    # Mozilla Intermediate configuration
    ssl_protocols               TLSv1.2 TLSv1.3;
    ssl_ciphers                 TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers   off;

    # Client Request
    client_body_buffer_size     4m;
    client_max_body_size        256m;
    client_body_temp_path       /tmp/nginx/body 1 2;
    
    # Proxy Response
    proxy_buffers               32 64k;
    proxy_buffer_size           64k;
    proxy_busy_buffers_size     128k;

    # DNS Resolver（Docker's embedded DNS server）
    resolver                    127.0.0.11 valid=300s ipv6=off;
    resolver_timeout            10s;
    
    # Gzip
    gzip                        on;
    gzip_vary                   on;
    gzip_proxied                any;
    gzip_min_length             100k;
    gzip_comp_level             6;
    gzip_types                  text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}

Describe alternatives you've considered
No

Additional context
No

Originally created by @jearton on GitHub (Feb 19, 2024). Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/303 **Is your feature request related to a problem? Please describe.** No **Describe the solution you'd like** ```nginx # run nginx in foreground in docker container daemon off; # Enables the use of JIT for regular expressions to speed-up their processing. pcre_jit on; # Includes files with directives to load dynamic modules. include /etc/nginx/modules/*.conf; http { charset UTF-8; sendfile on; tcp_nopush on; tcp_nodelay on; server_tokens off; log_not_found off; types_hash_max_size 2048; types_hash_bucket_size 64; # Connection header for WebSocket reverse proxy map $http_upgrade $http_connection { default upgrade; "" close; } # Whether to access static resources map $uri $not_static { default 1; ~*^.*\.(css|css\.map|js|js\.map|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv|txt|svgz?|ttf|ttc|otf|eot|woff2?)$ 0; } # Whether to write access_log map $status:$not_static $loggable { ~(^4|0$) 0; default 1; } # SSL ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; # Diffie-Hellman parameter for DHE ciphersuites ssl_dhparam /etc/nginx/dhparam.pem; # Mozilla Intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; # Client Request client_body_buffer_size 4m; client_max_body_size 256m; client_body_temp_path /tmp/nginx/body 1 2; # Proxy Response proxy_buffers 32 64k; proxy_buffer_size 64k; proxy_busy_buffers_size 128k; # DNS Resolver（Docker's embedded DNS server） resolver 127.0.0.11 valid=300s ipv6=off; resolver_timeout 10s; # Gzip gzip on; gzip_vary on; gzip_proxied any; gzip_min_length 100k; gzip_comp_level 6; gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; } ``` **Describe alternatives you've considered** No **Additional context** No