| Dir : /etc/nginx/conf.d/ |
| Server: Linux host100322.itwesthosting.com 3.10.0-1160.144.1.el7.tuxcare.els4.x86_64 #1 SMP Tue Apr 7 08:40:40 UTC 2026 x86_64 IP: 144.91.64.173 |
| Dir : //etc/nginx/conf.d/gzip.conf |
####
# per NGINX (http://nginx.org/en/docs/http/ngx_http_gzip_module.html):
# - When using the SSL/TLS protocol, compressed responses may be subject to BREACH attacks.
# - https://en.wikipedia.org/wiki/BREACH
# The best mitigation (besides not using compression at all) is:
# 1. Not sending sensitive data as part of your HTTP response
# 2. Use strict samesite cookies
# - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
#
# If that is not an acceptable risk please uninstall `ea-nginx-gzip`
##
# enable it and make it work
gzip on;
gzip_proxied any;
gzip_vary on;
gzip_disable "msie6";
# tune it
gzip_buffers 16 8k;
gzip_comp_level 5;
gzip_min_length 256;
# text/html is always included so it does not need to be in `gzip_types`
# if you do add it you will getting:
# `nginx: [warn] duplicate MIME type "text/html" in …`
gzip_types
application/atom+xml
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/x-font-opentype
application/x-font-truetype
application/x-font-ttf
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
font/truetype
image/bmp
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
image/x-win-bitmap
text/cache-manifest
text/css
text/json
text/javascript
text/plain
text/shtml
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy
text/x-js
text/xml;