X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=etc%2Fnginx%2Fnginx.conf;h=25aa317decdc1c18493dfef73dbd73164f4627ea;hb=38d168c3b1dc52a332e17702d53a94daaf4e8f18;hp=6860ff1c6bb2d7c9f6203814231e805dcc9869fd;hpb=c18eb554fffb9736aaeda756f5f9c69c34f95fb3;p=lhc%2Fateliers.git
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 6860ff1..25aa317 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -1,5 +1,4 @@
 # DOC: http://blog.martinfjordvald.com/2010/07/nginx-primer/
-daemon on;
 events {
 multi_accept on;
 use epoll;
@@ -22,13 +21,16 @@ http {
 default_type application/octet-stream;
 error_log /var/log/nginx/error.log warn;
 error_page 403 = 404;
- fastcgi_cache_key "$request_method $scheme://$host$request_uri";
+ fastcgi_cache_key "$request_method $scheme://$http_host$request_uri";
 fastcgi_cache_path /run/shm/cache/nginx/fastcgi
+ inactive=10m
+ keys_zone=microcache:2M
 levels=1:2
- keys_zone=microcache:10m
- inactive=5m
- max_size=64m;
- fastcgi_cache microcache;
+ loader_files=100000
+ loader_sleep=1
+ loader_threshold=2592000000
+ max_size=64M;
+ fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;
 gzip on;
 gzip_buffers 16 8k;
 gzip_comp_level 6;
@@ -64,12 +66,14 @@ http {
 open_file_cache_valid 30s;
 open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
 proxy_cache_use_stale updating;
+ proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;
 reset_timedout_connection on;
 send_timeout 60;
 # NOTE: if the client stops reading data, free up the stale client connection after this much time.
 sendfile on;
 server_names_hash_bucket_size 128;
 server_tokens off;
+ ssl_session_cache shared:SSL:10m;
 tcp_nodelay on;
 # NOTE: don't buffer data-sends (disable Nagle algorithm).
 # Good for sending frequent small bursts of data in real time.
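Review bot: In the second hunk the new `fastcgi_cache_key` keys the cache on `$http_host`, which is the raw client-supplied Host header, whereas `$host` is lower-cased, stripped of the port and taken from the request line when one is given. The same page can therefore occupy many distinct keys when clients vary case or port, which matters more now that `keys_zone=microcache` shrinks to 2M, and a request whose request-line host and Host header disagree is routed by one and cached under the other. If the zone is shared between virtual hosts (the site.d includes are not visible here), that mismatch could let one site's response be stored under another site's key. I would keep the normalized variable, `fastcgi_cache_key "$request_method $scheme://$host$request_uri";`, and append `:$server_port` only if the port really has to be part of the key. The http block opens and closes outside this hunk.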
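Review bot: `proxy_temp_path /run/shm/cache/nginx/proxy_temp` in the third hunk, like `fastcgi_temp_path /run/shm/tmp/nginx/` in the second, sits under /run/shm, which on most distributions is a world-writable tmpfs that starts empty at every boot. Unless something outside this diff creates the parent directories with restrictive ownership before nginx starts, another local account could create them first and so control the location where request and response bodies are buffered. I would either point both paths at a directory that only root and www-data can write to, or document the boot-time step next to the directives, e.g. `# NOTE: /run/shm/cache/nginx and /run/shm/tmp/nginx are created by <init step> before nginx starts; not writable by other users.` The http block opens and closes outside this hunk.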
@@ -79,7 +83,36 @@ http {
 # This is useful for prepending headers before calling sendfile,
 # or for throughput optimization.
 types_hash_max_size 2048;
+ map $http_user_agent $bad_bot {
+ # NOTE: user agents that are to be blocked.
+ default 0;
+ libwww-perl 1;
+ ~(?i)(httrack|htmlparser|libwww) 1;
+ }
+ #map $http_referer $bad_referer {
+ # # NOTE: referrers that are to be blocked.
+ # default 0;
+ # ~(?i)(babes|casino|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|replica|sex|teen|webcam|zippo) 1;
+ # }
+ geo $not_local {
+ default 1;
+ 127.0.0.1 0;
+ }
+ include /etc/nginx/site.d/*/http.conf;
 include /etc/nginx/site.d/*/server.conf;
+ server {
+ listen 80 default_server;
+ server_name _;
+ return 302 $scheme://heureux-cyclage.org$request_uri;
+ }
+ server {
+ listen 443 default_server;
+ server_name _;
+ include /etc/nginx/conf.d/ssl.conf;
+ ssl_certificate /etc/nginx/x509.d/cyclo-www-tls/crt.pem;
+ ssl_certificate_key /etc/nginx/x509.d/cyclo-www-tls/key.pem;
+ return 302 $scheme://cyclocoop.org$request_uri;
+ }
 }
 pid /run/nginx.pid;
 user www-data;
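Review bot: The catch-all TLS server uses `listen 443 default_server;` without the `ssl` parameter, so whether this listener speaks TLS at all depends on the included /etc/nginx/conf.d/ssl.conf, which is not part of this diff. If that file ever stops enabling SSL, the port would serve plain HTTP and `$scheme` in the `return 302` would expand to `http`; writing `listen 443 ssl default_server;` states the intent at the listener itself. Separately, `$bad_bot` is derived from the client-controlled User-Agent header and `$not_local` lists only `127.0.0.1` (so `::1` counts as non-local), and no visible line consumes either variable; a short comment saying where they are used, and that `$bad_bot` is a noise filter rather than an access control, would help the next reader. In the map, `libwww-perl 1;` is an exact whole-string match and is already covered by the `libwww` alternative in the regex below it. The http block starts outside this hunk.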