NGINX
How to self-host an NGINX HTTP server and reverse proxy
Installation
pacman -Syu nginx-mainline certbot certbot-nginx
Configuration
/etc/nginx/nginx.conf
user http;
worker_processes auto;
worker_cpu_affinity auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    multi_accept on;
    worker_connections 1024;
}
http {
    charset utf-8;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    server_tokens off;
    log_not_found off;
    types_hash_max_size 4096;
    client_max_body_size 32M;
    # Excessive requests within the burst limit will be served immediately regardless of the specified rate,
    # requests above the burst limit will be rejected with the 503 error.
    # limit_req_zone $binary_remote_addr zone=one:20m rate=5r/s;
    # limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
    # MIME
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    # logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log warn;
    #access_log logs/access.log main;
    # load configs
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    gzip on;
    gzip_vary on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "MSIE [1-6]\.";
}
include /etc/nginx/passthrough.conf;
Managing server entries
Put different server blocks in different files.
This allows you to easily enable or disable certain sites.
Server block configuration files
mkdir /etc/nginx/sites-available
Symlinks to enable sites
mkdir /etc/nginx/sites-enabled
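The two directories above are used by linking a file from sites-available into sites-enabled. The helper below is an added example, not part of the original page: the function names and the NGINX_ROOT override are hypothetical, and it assumes the directory layout shown here.

```shell
#!/bin/sh
# Added example: enable/disable sites via symlinks, using the page's layout.
# NGINX_ROOT is an assumed override for testing; the default is the page's path.
NGINX_ROOT="${NGINX_ROOT:-/etc/nginx}"

# Accept only plain file names so a site name cannot escape the directories.
valid_site_name() {
    case "$1" in
        ''|.*|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Enable a site: link sites-available/<name> into sites-enabled/.
site_enable() {
    valid_site_name "$1" || { echo "invalid site name: $1" >&2; return 2; }
    src="$NGINX_ROOT/sites-available/$1"
    dst="$NGINX_ROOT/sites-enabled/$1"
    [ -f "$src" ] || { echo "no such site: $src" >&2; return 1; }
    # Refuse to overwrite a regular file someone dropped into sites-enabled.
    if [ -e "$dst" ] && [ ! -L "$dst" ]; then
        echo "refusing to replace non-symlink: $dst" >&2; return 1
    fi
    ln -sfn "$src" "$dst"
}

# Disable a site: remove only the symlink, never the real config file.
site_disable() {
    valid_site_name "$1" || { echo "invalid site name: $1" >&2; return 2; }
    dst="$NGINX_ROOT/sites-enabled/$1"
    [ -L "$dst" ] || { echo "not enabled: $1" >&2; return 1; }
    rm -- "$dst"
}

# Validate the whole configuration before reloading, so a broken site file
# never takes down the sites that are already being served.
site_apply() {
    nginx -t && systemctl reload nginx
}
```

Run site_apply after each site_enable or site_disable; the change only takes effect once nginx -t passes and the service reloads.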
Enable HTTP server
systemctl enable nginx
Configure SSL
/etc/letsencrypt/options-ssl-nginx.conf
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;