Nginx Configuration
Archmonger edited this page Jan 7, 2021
·
15 revisions
Simplified nginx.conf file with SSL and slight performance optimizations. Pay attention to the <<<<<< HINT >>>>>>
markers. Also, some file paths may be different depending on operating system.
# Name of the user account the Nginx worker processes run as.
# Use an unprivileged account so that a compromised worker does not hold root.
# <<<<<< Edit this line to a valid username, or "nobody" >>>>>>
user abc;
# Automatically create one worker per CPU core
worker_processes auto;
# Create a file that contains the master process ID, and pull in every
# *.conf file under /etc/nginx/modules (presumably the distribution's
# dynamic-module loader snippets; confirm on your system).
# <<<<<< You can delete these two lines if not using Linux >>>>>>
pid /run/nginx.pid;
include /etc/nginx/modules/*.conf;
events {
# Maximum number of simultaneous connections allowed per worker
# (this count includes connections to the proxied upstream, not only clients)
worker_connections 768;
# Let a worker accept every pending new connection in one pass instead of
# accepting one new connection at a time
multi_accept on;
}
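http {
    # Let the kernel copy files straight from disk to the socket (sendfile)
    # instead of reading them into Nginx's own buffers first.
    sendfile on;

    # How long an idle keep-alive connection is held open before Nginx closes it
    keepalive_timeout 65;

    # Linux/FreeBSD speed optimizations
    # <<<<<< You can delete these two lines if not using Linux >>>>>>
    tcp_nopush on;
    tcp_nodelay on;

    # Setting up content types
    # <<<<<< If not using Linux, edit this line to point to the mime.types file contained within Nginx's folders >>>>>>
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Create log files (relative paths are resolved against Nginx's prefix directory).
    # The access log records client addresses and request URIs; restrict who can read it.
    access_log access.log;
    error_log error.log;

    # Data Compression
    # NOTE(review): compressing HTTPS responses that combine secrets with
    # request-influenced content is the precondition for compression
    # side channels (BREACH). Confirm this is acceptable for the proxied
    # application, or limit compression to static assets.
    gzip on;
    gzip_vary on;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
    gzip_disable "MSIE [1-6]\.";

    # Redirect to force encrypted traffic
    server {
        # Plain-HTTP listeners carry no "http2" flag: browsers only negotiate
        # HTTP/2 over TLS, and on older Nginx releases a cleartext "http2"
        # listener stops answering ordinary HTTP/1.1 requests, which would
        # break this redirect. Both address families are now configured alike.
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        # $host is taken from the client's Host header on this catch-all
        # server, so the redirect target follows whatever name the client sent.
        # To pin the target, replace $host with the fixed domain name used below.
        # NOTE(review): once HTTPS is confirmed working, consider sending a
        # Strict-Transport-Security header from the HTTPS server so browsers
        # stop making the initial plain-HTTP request.
        return 301 https://$host$request_uri;
    }

    # Serve Plex at myserver.com by reverse-proxying to the Plex server
    server {
        # Use SSL traffic. The IPv6 listener matches the port-80 redirect
        # above, which already accepts IPv6 clients and sends them here.
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        # Certificate, protocol and cipher settings (path is relative to the
        # configuration directory)
        include ssl.conf;

        # <<<<<< Edit this line to contain your domain name >>>>>>
        server_name myserver.com;

        location / {
            include websockets.conf;
            include reverse_proxy.conf;

            # Add Improved Plex Mobile to all web requests.
            # An empty Accept-Encoding asks Plex for uncompressed responses,
            # because sub_filter cannot rewrite a compressed body.
            # The injected stylesheet is fetched from a third-party origin on
            # every proxied HTML page, so whoever controls that URL controls
            # styling inside authenticated sessions. Hosting a reviewed copy
            # of the CSS yourself removes that dependency.
            proxy_set_header Accept-Encoding "";
            sub_filter '</head>' '<meta name="viewport" content="width=device-width, initial-scale=1"></meta> <link rel="stylesheet" type="text/css" href="https://archmonger.github.io/Improved-Plex-Mobile/plex_mobile.css"> </head>';
            sub_filter_once on;

            # Reverse proxy your Plex server's internal IP address.
            # Nginx encrypts this hop but does not validate the upstream
            # certificate unless proxy_ssl_verify is enabled, so the network
            # path between Nginx and Plex is trusted as-is.
            # <<<<<< Edit this line to have your Plex server's LAN address >>>>>>
            proxy_pass https://192.168.1.200:32400/;
        }
    }
}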
# Keep Nginx in the foreground instead of detaching as a daemon.
# NOTE(review): presumably set because this configuration is run under a
# container or process supervisor; remove it if your init system expects
# Nginx to daemonize.
daemon off;
The contents of each configuration file included above are listed below (they appear to be, in order, websockets.conf, reverse_proxy.conf and ssl.conf).
# WebSocket support: talk HTTP/1.1 to the upstream and forward the client's
# Upgrade header so a WebSocket handshake can pass through the proxy.
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
# Sent on every proxied request, not only on WebSocket handshakes
proxy_set_header Connection "upgrade";
# Tell the upstream which host name and port the client addressed
proxy_set_header Host $host:$server_port;
# Appends the connecting client's address to any X-Forwarded-For header the
# client itself sent. Earlier entries in that list are client-controlled, so
# the upstream should only rely on the last entry (or on X-Real-IP below).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Original scheme (http or https) of the client's request
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host:$server_port;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Scheme $scheme;
# Address of the peer that connected to Nginx; set by Nginx, overwriting any
# value the client supplied
proxy_set_header X-Real-IP $remote_addr;
# Forward the client's request headers to the upstream
proxy_pass_request_headers on;
# Rewrite "http://" at the start of upstream redirect headers to the scheme
# the client used, so redirects issued by the upstream keep clients on HTTPS
proxy_redirect http:// $scheme://;
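# Set the SSL certificate files
# <<<<<< You'll need to obtain Origin Server certificates, such as from Let's Encrypt or Cloudflare >>>>>>
# Relative paths are resolved against Nginx's configuration directory.
# Keep the private key readable only by the account that starts Nginx.
ssl_certificate keys/certificate.crt;
ssl_certificate_key keys/certificate.key;
# Only allow TLS 1.2 and TLS 1.3. Leaving out SSLv3 and TLS 1.0 removes the
# protocol versions affected by POODLE and BEAST.
ssl_protocols TLSv1.2 TLSv1.3;
# Cipher list for Perfect Forward Secrecy (applies to TLS 1.2; TLS 1.3 cipher
# suites are not controlled by this directive).
# Each selector is listed once, since repeating a selector adds nothing to
# the resulting set.
# The EDH (finite-field Diffie-Hellman) selectors only take effect when
# ssl_dhparam is configured; without it Nginx does not offer DHE suites.
# "AES256+EECDH" also admits CBC-mode suites for clients that lack AES-GCM.
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# Offer a single ECDHE curve; clients that do not support it cannot
# complete an ECDHE handshake with this server.
ssl_ecdh_curve secp384r1;
# Cache SSL sessions in a 10 MB zone shared between all worker processes
ssl_session_cache shared:SSL:10m;
# Nginx does not rotate the session ticket key, so it's best disabled:
# a long-lived ticket key weakens forward secrecy for resumed sessions.
ssl_session_tickets off;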