dépôts / lhc / ateliers.git / blob
? search:


ad979c3a479c892e89a6f5db78d11ccf91e48a80
[lhc/ateliers.git] / etc / nginx / nginx.conf
1 # DOC: http://blog.martinfjordvald.com/2010/07/nginx-primer/
2 events {
3 multi_accept on;
4 use epoll;
5 worker_connections 1024;
6 }
7 http {
8 log_format main
9 '$remote_addr - $remote_user [$time_local] "$request" '
10 '$status $body_bytes_sent "$http_referer" '
11 '"$http_user_agent" "$http_x_forwarded_for"';
12 access_log /var/log/nginx/access.log main buffer=32k;
13 client_body_buffer_size 4K;
14 # NOTE: % getconf PAGESIZE
15 # 4096
16 client_body_temp_path /run/shm/cache/nginx/client_body 1 2;
17 client_body_timeout 60;
18 client_header_buffer_size 1k;
19 client_header_timeout 60;
20 client_max_body_size 20m;
21 default_type application/octet-stream;
22 error_log /var/log/nginx/error.log warn;
23 error_page 403 = 404;
24 fastcgi_cache_key "$request_method $scheme://$http_host$request_uri";
25 fastcgi_cache_path /run/shm/cache/nginx/fastcgi
26 inactive=10m
27 keys_zone=microcache:2M
28 levels=1:2
29 loader_files=100000
30 loader_sleep=1
31 loader_threshold=2592000000
32 max_size=64M;
33 fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;
34 gzip on;
35 gzip_buffers 16 8k;
36 gzip_comp_level 6;
37 gzip_disable "MSIE [1-6]\.";
38 gzip_http_version 1.1;
39 gzip_min_length 1024;
40 gzip_proxied any;
41 gzip_static on;
42 gzip_vary on;
43 gzip_types
44 application/javascript
45 application/json
46 application/rss+xml
47 application/vnd.ms-fontobject
48 application/x-font-ttf
49 application/x-javascript
50 application/xml
51 application/xml+rss
52 font/opentype
53 font/truetype
54 image/svg+xml
55 text/css
56 text/javascript
57 text/plain
58 text/x-component
59 text/xml;
60 include /etc/nginx/mime.types;
61 keepalive_timeout 20;
62 large_client_header_buffers 4 8k;
63 map_hash_bucket_size 128;
64 open_file_cache max=200000 inactive=20s;
65 open_file_cache_errors on;
66 open_file_cache_min_uses 2;
67 open_file_cache_valid 30s;
68 open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
69 proxy_cache_use_stale updating;
70 proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;
71 reset_timedout_connection on;
72 send_timeout 60;
73 # NOTE: if the client stops reading data, free up the stale client connection after this much time.
74 sendfile on;
75 server_names_hash_bucket_size 128;
76 server_tokens off;
77 ssl_session_cache shared:SSL:10m;
78 tcp_nodelay on;
79 # NOTE: don't buffer data-sends (disable Nagle algorithm).
80 # Good for sending frequent small bursts of data in real time.
81 tcp_nopush on;
82 # NOTE: causes nginx to attempt to send its HTTP response head in one packet,
83 # instead of using partial frames.
84 # This is useful for prepending headers before calling sendfile,
85 # or for throughput optimization.
86 types_hash_max_size 2048;
87 map $http_user_agent $bad_bot {
88 # NOTE: user agents that are to be blocked.
89 default 0;
90 libwww-perl 1;
91 ~(?i)(httrack|htmlparser|libwww) 1;
92 }
93 #map $http_referer $bad_referer {
94 # # NOTE: referrers that are to be blocked.
95 # default 0;
96 # ~(?i)(babes|casino|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|replica|sex|teen|webcam|zippo) 1;
97 # }
98 geo $not_local {
99 default 1;
100 127.0.0.1 0;
101 }
102 include /etc/nginx/site.d/*/http.conf;
103 include /etc/nginx/site.d/*/server.conf;
104 server {
105 listen 80 default_server;
106 server_name _;
107 return 302 $scheme://heureux-cyclage.org$request_uri;
108 }
109 server {
110 listen 443 default_server;
111 server_name _;
112 include /etc/nginx/conf.d/ssl.conf;
113 ssl_certificate /etc/nginx/x509.d/cyclo-www-tls/crt.pem;
114 ssl_certificate_key /etc/nginx/x509.d/cyclo-www-tls/key.pem;
115 return 302 $scheme://cyclocoop.org$request_uri;
116 }
117 }
118 pid /run/nginx.pid;
119 user www-data;
120 worker_processes 2;
121
122 # vim: ft=sh
outils d'administration d'ateliers.heureux-cyclage.org