etc/nginx/nginx.conf

   1 # DOC: http://blog.martinfjordvald.com/2010/07/nginx-primer/
   2 events {
   3         multi_accept on;
   4         use epoll;
   5         worker_connections 1024;
   6  }
   7 http {
   8         log_format main
   9          '$remote_addr - $remote_user [$time_local] "$request" '
  10          '$status $body_bytes_sent "$http_referer" '
  11          '"$http_user_agent" "$http_x_forwarded_for"';
  12         log_format piwik
  13          '{"ip": "$remote_addr",'
  14          '"host": "$host",'
  15          '"path": "$request_uri",'
  16          '"status": "$status",'
  17          '"referrer": "$http_referer",'
  18          '"user_agent": "$http_user_agent",'
  19          '"length": $bytes_sent,'
  20          '"generation_time_milli": $request_time,'
  21          '"date": "$time_iso8601"}';
  22         access_log /var/log/nginx/access.log main buffer=32k;
  23         client_body_buffer_size 4K;
  24                 # NOTE: % getconf PAGESIZE
  25                 #       4096
  26         client_body_temp_path /run/shm/cache/nginx/client_body 1 2;
  27         client_body_timeout 60;
  28         client_header_buffer_size 1k;
  29         client_header_timeout 60;
  30         client_max_body_size 20m;
  31         default_type application/octet-stream;
  32         error_log /var/log/nginx/error.log warn;
  33         error_page 403 = 404;
  34         fastcgi_cache_key "$request_method $scheme://$http_host$request_uri";
  35         fastcgi_cache_path /run/shm/cache/nginx/fastcgi
  36          inactive=10m
  37          keys_zone=microcache:2M
  38          levels=1:2
  39          loader_files=100000
  40          loader_sleep=1
  41          loader_threshold=2592000000
  42          max_size=64M;
  43         fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;
  44         gzip on;
  45         gzip_buffers 16 8k;
  46         gzip_comp_level 6;
  47         gzip_disable "MSIE [1-6]\.";
  48         gzip_http_version 1.1;
  49         gzip_min_length 1024;
  50         gzip_proxied any;
  51         gzip_static on;
  52         gzip_vary on;
  53         gzip_types
  54          application/javascript
  55          application/json
  56          application/rss+xml
  57          application/vnd.ms-fontobject
  58          application/x-font-ttf
  59          application/x-javascript
  60          application/xml
  61          application/xml+rss
  62          font/opentype
  63          font/truetype
  64          image/svg+xml
  65          text/css
  66          text/javascript
  67          text/plain
  68          text/x-component
  69          text/xml;
  70         include /etc/nginx/mime.types;
  71         keepalive_timeout 20;
  72         large_client_header_buffers 4 8k;
  73         map_hash_bucket_size 128;
  74         open_file_cache max=200000 inactive=20s;
  75         open_file_cache_errors on;
  76         open_file_cache_min_uses 2;
  77         open_file_cache_valid 30s;
  78         open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
  79         proxy_cache_use_stale updating;
  80         proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;
  81         reset_timedout_connection on;
  82         send_timeout 60;
  83                 # NOTE: if the client stops reading data, free up the stale client connection after this much time.
  84         sendfile on;
  85         server_names_hash_bucket_size 128;
  86         server_tokens off;
  87         ssl_session_cache shared:SSL:10m;
  88         tcp_nodelay on;
  89                 # NOTE: don't buffer data-sends (disable Nagle algorithm).
  90                 #       Good for sending frequent small bursts of data in real time.
  91         tcp_nopush on;
  92                 # NOTE: causes nginx to attempt to send its HTTP response head in one packet,
  93                 #       instead of using partial frames.
  94                 #       This is useful for prepending headers before calling sendfile,
  95                 #       or for throughput optimization.
  96         types_hash_max_size 2048;
  97         map $http_user_agent $bad_bot {
  98          # NOTE: user agents that are to be blocked.
  99                 default 0;
 100                 libwww-perl                      1;
 101                 ~(?i)(httrack|htmlparser|libwww) 1;
 102          }
 103         #map $http_referer $bad_referer {
 104         # # NOTE: referrers that are to be blocked.
 105         #       default 0;
 106         #       ~(?i)(babes|casino|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|replica|sex|teen|webcam|zippo) 1;
 107         # }
 108         geo $not_local {
 109                 default 1;
 110                 127.0.0.1 0;
 111          }
 112         include /etc/nginx/site.d/*/http.conf;
 113         include /etc/nginx/*/*/server.conf;
 114         include /etc/nginx/*/*/*/server.conf;
 115         server {
 116                 listen 80 default_server;
 117                 server_name  _;
 118                 return 302 $scheme://heureux-cyclage.org$request_uri;
 119          }
 120         server {
 121                 listen 443 default_server;
 122                 server_name  _;
 123                 include             /etc/nginx/conf.d/ssl.conf;
 124                 ssl_certificate     /etc/nginx/org/heureux-cyclage/crt.pem;
 125                 ssl_certificate_key /etc/nginx/org/heureux-cyclage/key.pem;
 126                 return 302 $scheme://heureux-cyclage.org$request_uri;
 127          }
 128  }
 129 pid /run/nginx.pid;
 130 user www-data;
 131 worker_processes 2;
 132
 133 # vim: ft=sh