From 6bc1547c001d74fe8b8f0119e0f92df7cad42223 Mon Sep 17 00:00:00 2001
From: Hubert Cornet <hcornet@noreply@tips-of-mine.fr>
Date: Tue, 19 Nov 2024 19:08:30 +0100
Subject: [PATCH] Ajouter nginx/nginx.conf

---
 nginx/nginx.conf | 80 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 nginx/nginx.conf

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..cfd1de7
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,80 @@
+### AAA
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    ##
+    # Basic Settings
+    ##
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+#    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+#                      '$status $body_bytes_sent "$http_referer" '
+#                      '"$http_user_agent" "$http_x_forwarded_for"';
+    log_format             main  '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+
+    keepalive_timeout  65;
+    server_tokens off;
+
+    limit_conn_zone $binary_remote_addr zone=perip:10m;
+    limit_conn_zone $server_name zone=perserver:10m;
+
+    client_body_buffer_size  100M;
+    client_header_buffer_size 100M;
+    client_max_body_size 100M;
+    large_client_header_buffers 2 100M;
+
+    tcp_nopush on;
+    types_hash_max_size 2048;
+
+    ##
+    # SSL Settings
+    ##
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+    ssl_prefer_server_ciphers on;
+    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
+    ssl_stapling on;
+    ssl_session_cache shared:SSL:50m;
+    ssl_stapling_verify on;
+    ssl_ecdh_curve secp384r1;
+
+    resolver 8.8.8.8;
+
+    gzip on;
+    gzip_types text/plain application/json text/css application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
+    gzip_min_length 1000;
+    gzip_proxied any;
+
+    add_header X-Frame-Options SAMEORIGIN;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+
+#    server {
+#        listen 1080;
+#        server_name _;
+#
+#        root   /usr/share/nginx/html;
+#
+#        location /.well-known/ {}  # do not redirect requests letsencrypt
+#
+#        location / {  # the default location redirects to https
+#            return 301 https://$host$request_uri;
+#        }
+#    }
+
+    include /etc/nginx/conf.d/*.conf;
+}