user  nginx;
worker_processes  auto;
error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 4 4k;
    server_names_hash_bucket_size 64;
    root   /usr/share/nginx/html;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log off;
    error_log /var/log/nginx/error.log;
    #Gzip
    gzip on;
    gzip_proxied any;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_comp_level 2;
    gzip_disable "msie6";
    gzip_buffers 16 8k;
    #SSL
    resolver 8.8.8.8;
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:le_nginx_SSL:1m;
    ssl_session_timeout 1440m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    add_header X-Frame-Options sameorigin;
    add_header X-Content-Type-Options nosniff;
    add_header X-Xss-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=31536000" always;
    ssl_dhparam /etc/acmesh/certs/ssl-dhparams.pem;
    #Load Other configs
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    #Server config for unconfigured domains
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        add_header Content-Type text/html;
        return 200 '<html><head></head><body>Nginx is functioning normally</body></html>';
    }

}