user nginx; worker_processes 4; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; ssl_session_cache shared:SSL:20m; ssl_session_timeout 60m; ssl_prefer_server_ciphers on; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5; ssl_dhparam /etc/nginx/cert/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_stapling on; ssl_stapling_verify on; resolver 208.67.222.222 208.67.220.220; add_header Strict-Transport-Security "max-age=31536000" always; include /etc/nginx/conf.d/*.conf; }