X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=etc%2Fnginx%2Fnginx.conf;h=70aed2cf0913e91790c8f77fdaee2bcf3c95a5cb;hb=c4717250cb06e371647850e2e72d9fba8768b81b;hp=220c1f441171ba13f5a0809c0e32daeaabfce54d;hpb=4699cb3295e62b8035110ad473cd379d25dc8fdf;p=lhc%2Fateliers.git
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 220c1f4..70aed2c 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -9,6 +9,16 @@ http {
 '$remote_addr - $remote_user [$time_local] "$request" '
 '$status $body_bytes_sent "$http_referer" '
 '"$http_user_agent" "$http_x_forwarded_for"';
+ log_format piwik
+ '{"ip": "$remote_addr",'
+ '"host": "$host",'
+ '"path": "$request_uri",'
+ '"status": "$status",'
+ '"referrer": "$http_referer",'
+ '"user_agent": "$http_user_agent",'
+ '"length": $bytes_sent,'
+ '"generation_time_milli": $request_time,'
+ '"date": "$time_iso8601"}';
 access_log /var/log/nginx/access.log main buffer=32k;
 client_body_buffer_size 4K;
 # NOTE: % getconf PAGESIZE
@@ -21,13 +31,16 @@ http {
 default_type application/octet-stream;
 error_log /var/log/nginx/error.log warn;
 error_page 403 = 404;
- fastcgi_cache_key "$request_method $scheme://$host$request_uri";
+ fastcgi_cache_key "$request_method $scheme://$http_host$request_uri";
 fastcgi_cache_path /run/shm/cache/nginx/fastcgi
+ inactive=10m
+ keys_zone=microcache:2M
 levels=1:2
- keys_zone=microcache:10m
- inactive=5m
- max_size=64m;
- fastcgi_cache microcache;
+ loader_files=100000
+ loader_sleep=1
+ loader_threshold=2592000000
+ max_size=64M;
+ fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;
 gzip on;
 gzip_buffers 16 8k;
 gzip_comp_level 6;
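Review bot: The new `piwik` format writes client-controlled values (`$http_user_agent`, `$http_referer`, `$request_uri`, `$host`) inside JSON string literals without `escape=json`. With nginx's default log escaping, a double quote or control byte in a header is emitted as a `\x22`-style sequence, which is not a valid JSON escape, so a single crafted request can produce a line the log importer rejects or misreads. Where the deployed nginx is 1.11.8 or later, declare it as `log_format piwik escape=json` followed by the same strings; on older versions the importer has to tolerate `\xNN` sequences. The enclosing `http` block starts and ends outside this hunk.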
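Review bot: Switching `fastcgi_cache_key` to `$http_host` puts the raw, unnormalized Host header into the key, so case and port variants of one site name (constructed examples: `example.org`, `EXAMPLE.org`, `example.org:80`) all match the same `server_name` yet become separate cache entries. Combined with the smaller `keys_zone=microcache:2M`, a client that varies the header can churn the zone and evict legitimate entries. If the change is meant to keep the key aligned with the host value the FastCGI backend sees, record that with a comment such as `# NOTE: $http_host on purpose, key must match the HTTP_HOST the backend sees`; otherwise `$host` gives a lowercased, port-free key. The `http` block starts and ends outside this hunk.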
@@ -57,18 +70,21 @@ http {
 include /etc/nginx/mime.types;
 keepalive_timeout 20;
 large_client_header_buffers 4 8k;
+ map_hash_bucket_size 128;
 open_file_cache max=200000 inactive=20s;
 open_file_cache_errors on;
 open_file_cache_min_uses 2;
 open_file_cache_valid 30s;
 open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
 proxy_cache_use_stale updating;
+ proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;
 reset_timedout_connection on;
 send_timeout 60;
 # NOTE: if the client stops reading data, free up the stale client connection after this much time.
 sendfile on;
 server_names_hash_bucket_size 128;
 server_tokens off;
+ ssl_session_cache shared:SSL:10m;
 tcp_nodelay on;
 # NOTE: don't buffer data-sends (disable Nagle algorithm).
 # Good for sending frequent small bursts of data in real time.
@@ -78,7 +94,36 @@ http {
 # This is useful for prepending headers before calling sendfile,
 # or for throughput optimization.
 types_hash_max_size 2048;
+ map $http_user_agent $bad_bot {
+ # NOTE: user agents that are to be blocked.
+ default 0;
+ libwww-perl 1;
+ ~(?i)(httrack|htmlparser|libwww) 1;
+ }
+ #map $http_referer $bad_referer {
+ # # NOTE: referrers that are to be blocked.
+ # default 0;
+ # ~(?i)(babes|casino|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|replica|sex|teen|webcam|zippo) 1;
+ # }
+ geo $not_local {
+ default 1;
+ 127.0.0.1 0;
+ }
+ include /etc/nginx/site.d/*/http.conf;
 include /etc/nginx/site.d/*/server.conf;
+ server {
+ listen 80 default_server;
+ server_name _;
+ return 302 $scheme://heureux-cyclage.org$request_uri;
+ }
+ server {
+ listen 443 default_server;
+ server_name _;
+ include /etc/nginx/conf.d/ssl.conf;
+ ssl_certificate /etc/nginx/x509.d/cyclo-www-tls/crt.pem;
+ ssl_certificate_key /etc/nginx/x509.d/cyclo-www-tls/key.pem;
+ return 302 $scheme://cyclocoop.org$request_uri;
+ }
 }
 pid /run/nginx.pid;
 user www-data;
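Review bot: `proxy_temp_path /run/shm/cache/nginx/proxy_temp` puts buffered upstream responses under /run/shm, which is commonly a world-writable tmpfs that is empty after each boot; the same applies to `fastcgi_cache_path` and the new `fastcgi_temp_path /run/shm/tmp/nginx/` in the previous hunk. If nothing creates `/run/shm/cache` and `/run/shm/tmp` before nginx starts, another local account could create those parent directories first and control the tree nginx then writes cached pages and request bodies into. I would document the precondition next to these directives, e.g. `# NOTE: /run/shm/cache and /run/shm/tmp must be created root-owned and not world-writable before nginx starts`, and check that the boot-time step exists. The `http` block starts and ends outside this hunk.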
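Review bot: The catch-all TLS server uses `listen 443 default_server;` without the `ssl` parameter, so whether port 443 actually speaks TLS depends entirely on the included `/etc/nginx/conf.d/ssl.conf`, which is not visible here. If that file does not enable TLS for the server, nginx answers plain HTTP on 443 and the certificate lines have no effect. `listen 443 ssl default_server;` makes the intent explicit in this block. Separately, `geo $not_local` lists only `127.0.0.1`, so the IPv6 loopback is classed as non-local; if the variable gates access anywhere and nginx listens on IPv6, add `::1 0;`. The `http` block opens outside this hunk.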