From 28778e58775f9fb229039874c36c711e5a645591 Mon Sep 17 00:00:00 2001
From: Trey Blancher <trey@blancher.net>
Date: Mon, 28 Nov 2022 12:38:10 -0500
Subject: [PATCH] Initial commit

---
 nginx/nginx.conf | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100755 nginx/nginx.conf

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100755
index 0000000..25ddf08
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,38 @@
+#user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+#include /etc/nginx/modules-enabled/*.conf;
+pcre_jit on;
+error_log  /var/log/nginx/error.log  notice;
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+
+    access_log  /var/log/nginx/access.log;
+    sendfile        on;
+    tcp_nopush     on;
+    keepalive_timeout  65;
+    gzip  off;
+    ssl_ciphers "EECDH+AESGCM:AES256+EECDH";
+    ssl_protocols TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+    add_header Strict-Transport-Security "max-age-63072000; includeSubdomains; preload";
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Options nosniff;
+    ssl_session_tickets off;
+    server_tokens off;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 8.8.8.8 8.8.4.4 valid=300s; # Google DNS
+    resolver_timeout 5s;
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}