2025-11-04

containers/conf/angie/angie.conf-packaged

@@ -0,0 +1,201 @@
+###
+## This file comes with the "Angie modules" on https://deb.paranoid.nl/angie-modules
+## It contains various optimizations, examples and tweaks.
+####
+
+user www-data;
+
+worker_processes auto;
+worker_rlimit_nofile 10000;
+
+pid /run/angie.pid;
+include /etc/angie/modules-enabled/*.conf;
+
+pcre_jit on;
+
+events {
+    worker_connections 8192;  # this can go as high as ulimit -n
+    multi_accept on;
+    use epoll;
+}
+
+http {
+
+    ##
+    # Basic Settings
+    ##
+
+    aio threads;
+    aio_write on;
+    sendfile on;
+    directio 256k;
+    sendfile_max_chunk 256k;
+
+    tcp_nopush on;
+    tcp_nodelay on;
+
+    include /etc/angie/mime.types;
+    server_name_in_redirect off; # if off, angie will use the requested Host header
+    source_charset utf-8; # same value as "charset"
+
+
+    ###
+    ## Enable security_headers only if you installed/enabled the module
+    ###
+    #  security_headers on;
+
+
+    ###
+    ## Enable other security headers.
+    ###
+    #  hide_server_tokens on;
+    #  fastcgi_hide_header X-Powered-By;
+    #  server_tokens off;
+
+    ##
+    # Optimizing TLS over TCP to reduce latency (Cloudflare patch)
+    ##
+    # ssl_dyn_rec_enable on;
+
+    ##
+    # Enable HTTP2 and HTTP3
+    #
+    http2 on;
+    #http3 on;
+
+    ##
+    # SSL Settings
+    ##
+
+    # Enable only if you are running on a openssl3 build and kernel 4.17 or higher
+    # You need to do `modprobe tls` to load the kernel TLS module
+    #ssl_conf_command Options KTLS;
+
+    ssl_protocols TLSv1.3 TLSv1.2;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
+
+    ssl_dhparam /etc/angie/dhparam.pem;
+    ssl_ecdh_curve secp521r1:secp384r1;
+    ssl_session_tickets off;
+    ssl_early_data on;
+
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 1440m;
+
+    # OCSP Stapling
+    # fetch OCSP records from URL in ssl_certificate and cache them
+    # Please enter your own nameservers for security
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 1.1.1.1 8.8.8.8 valid=300;
+
+    ##
+    # Logging Settings
+    ##
+
+    ## Log Format
+    log_format main '$remote_addr $host $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $ssl_cipher $request_time';
+
+    access_log /var/log/angie/access.log;
+    error_log /var/log/angie/error.log;
+
+    ##
+    # Gzip Settings
+    ##
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_min_length 250;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    ##
+    # Brotli settings  (Please load module first!)
+    ##
+    #brotli on;
+    #brotli_comp_level 4;
+    #brotli_buffers 32 8k;
+    #brotli_min_length 1000;
+    #brotli_static on;
+    #brotli_types image/svg+xml text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon;
+
+    ##
+    # ZSTD Settings (Please load module first!)
+    ##
+    #zstd on;
+    #zstd_min_length 256; # no less than 256 bytes
+    #zstd_comp_level 3; # set the level to #
+    #zstd_buffers 32 8k;
+    #zstd_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/ xml+rss text/javascript image/x-icon;
+
+
+    ###
+    ## Miscellaneous
+    ###
+
+    # cache informations about FDs, frequently accessed files
+    # can boost performance, but you need to test those values
+    #open_file_cache max=200000 inactive=20s;
+    #open_file_cache_valid 30s;
+    #open_file_cache_min_uses 2;
+    #open_file_cache_errors on;
+
+    server_names_hash_bucket_size 256;
+    server_names_hash_max_size 2048;
+    variables_hash_bucket_size 256;
+    variables_hash_max_size 2048;
+    map_hash_max_size 2048;
+    map_hash_bucket_size 256;
+
+    #postpone_output 1440;    # postpone sends to match our machine's MSS
+    read_ahead 512K;          # kernel read head set to the output_buffers
+    output_buffers 4 512k;   
+
+    # Buffer size for POST submissions
+    client_body_buffer_size 80K;
+    client_max_body_size 16m;
+
+    # Buffer size for Headers
+    client_header_buffer_size 1k;
+
+    # Timeouts, do not keep connections open longer then necessary to reduce
+    # resource usage and deny Slowloris type attacks.
+    client_body_timeout 12;  # maximum time between packets the client can pause when sending angie any data
+    client_header_timeout 12;# maximum time the client has to send the entire header to ngin 
+    keepalive_timeout 15;    # timeout which a single keep-alive client connection will stay open
+    keepalive_disable none;  # allow all browsers to use keepalive connections
+    keepalive_requests 5000; # number of requests per connection, does not affect SPDY
+    reset_timedout_connection on; # Allow the server to close the connection after a client stops responding.
+    send_timeout 12;
+
+    ##
+    # Virtual Host Configs
+    ##
+
+    include /etc/angie/conf.d/*.conf;
+    include /etc/angie/sites-enabled/*;
+}
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.angie.org/ImapAuthenticateWithApachePhpScript
+#
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+#
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}