1 # DOC: http://blog.martinfjordvald.com/2010/07/nginx-primer/
5 worker_connections 1024;
9 '$remote_addr - $remote_user [$time_local] "$request" '
10 '$status $body_bytes_sent "$http_referer" '
11 '"$http_user_agent" "$http_x_forwarded_for"';
13 '{"ip": "$remote_addr",'
15 '"path": "$request_uri",'
16 '"status": "$status",'
17 '"referrer": "$http_referer",'
18 '"user_agent": "$http_user_agent",'
19 '"length": $bytes_sent,'
20 '"generation_time_milli": $request_time,'
21 '"date": "$time_iso8601"}';
22 access_log /var/log/nginx/access.log main buffer=32k;
23 client_body_buffer_size 4K;
24 # NOTE: % getconf PAGESIZE
26 client_body_temp_path /run/shm/cache/nginx/client_body 1 2;
27 client_body_timeout 60;
28 client_header_buffer_size 1k;
29 client_header_timeout 60;
30 client_max_body_size 20m;
31 default_type application/octet-stream;
32 error_log /var/log/nginx/error.log warn;
34 fastcgi_cache_key "$request_method $scheme://$http_host$request_uri";
35 fastcgi_cache_path /run/shm/cache/nginx/fastcgi
37 keys_zone=microcache:2M
41 loader_threshold=2592000000
43 fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;
47 gzip_disable "MSIE [1-6]\.";
48 gzip_http_version 1.1;
54 application/javascript
57 application/vnd.ms-fontobject
58 application/x-font-ttf
59 application/x-javascript
70 include /etc/nginx/mime.types;
72 large_client_header_buffers 4 8k;
73 map_hash_bucket_size 128;
74 open_file_cache max=200000 inactive=20s;
75 open_file_cache_errors on;
76 open_file_cache_min_uses 2;
77 open_file_cache_valid 30s;
78 open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
79 proxy_cache_use_stale updating;
80 proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;
81 reset_timedout_connection on;
83 # NOTE: if the client stops reading data, free up the stale client connection after this much time.
85 server_names_hash_bucket_size 128;
87 ssl_session_cache shared:SSL:10m;
89 # NOTE: don't buffer data-sends (disable Nagle algorithm).
90 # Good for sending frequent small bursts of data in real time.
92 # NOTE: causes nginx to attempt to send its HTTP response head in one packet,
93 # instead of using partial frames.
94 # This is useful for prepending headers before calling sendfile,
95 # or for throughput optimization.
96 types_hash_max_size 2048;
97 map $http_user_agent $bad_bot {
98 # NOTE: user agents that are to be blocked.
101 ~(?i)(httrack|htmlparser|libwww) 1;
103 #map $http_referer $bad_referer {
104 # # NOTE: referrers that are to be blocked.
106 # ~(?i)(babes|casino|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|replica|sex|teen|webcam|zippo) 1;
112 include /etc/nginx/site.d/*/http.conf;
113 include /etc/nginx/site.d/*/server.conf;
115 listen 80 default_server;
117 return 302 $scheme://heureux-cyclage.org$request_uri;
120 listen 443 default_server;
122 include /etc/nginx/conf.d/ssl.conf;
123 ssl_certificate /etc/nginx/x509.d/cyclo-www-tls/crt.pem;
124 ssl_certificate_key /etc/nginx/x509.d/cyclo-www-tls/key.pem;
125 return 302 $scheme://cyclocoop.org$request_uri;