# DOC: http://blog.martinfjordvald.com/2010/07/nginx-primer/
events {
	multi_accept on;
	use epoll;
	worker_connections 1024;
 }
http {
	log_format main
	 '$remote_addr - $remote_user [$time_local] "$request" '
	 '$status $body_bytes_sent "$http_referer" '
	 '"$http_user_agent" "$http_x_forwarded_for"';
	log_format piwik
	 '{"ip": "$remote_addr",'
	 '"host": "$host",'
	 '"path": "$request_uri",'
	 '"status": "$status",'
	 '"referrer": "$http_referer",'
	 '"user_agent": "$http_user_agent",'
	 '"length": $bytes_sent,'
	 '"generation_time_milli": $request_time,'
	 '"date": "$time_iso8601"}';
	access_log /var/log/nginx/access.log main buffer=32k;
	client_body_buffer_size 4K;
		# NOTE: % getconf PAGESIZE
		#       4096
	client_body_temp_path /run/shm/cache/nginx/client_body 1 2;
	client_body_timeout 60;
	client_header_buffer_size 1k;
	client_header_timeout 60;
	client_max_body_size 20m;
	default_type application/octet-stream;
	error_log /var/log/nginx/error.log warn;
	error_page 403 = 404;
	fastcgi_cache_key "$request_method $scheme://$http_host$request_uri";
	fastcgi_cache_path /run/shm/cache/nginx/fastcgi
	 inactive=10m
	 keys_zone=microcache:2M
	 levels=1:2
	 loader_files=100000
	 loader_sleep=1
	 loader_threshold=2592000000
	 max_size=64M;
	fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;
	gzip on;
	gzip_buffers 16 8k;
	gzip_comp_level 6;
	gzip_disable "MSIE [1-6]\.";
	gzip_http_version 1.1;
	gzip_min_length 1024;
	gzip_proxied any;
	gzip_static on;
	gzip_vary on;
	gzip_types
	 application/javascript
	 application/json
	 application/rss+xml
	 application/vnd.ms-fontobject
	 application/x-font-ttf
	 application/x-javascript
	 application/xml
	 application/xml+rss
	 font/opentype
	 font/truetype
	 image/svg+xml
	 text/css
	 text/javascript
	 text/plain
	 text/x-component
	 text/xml;
	include /etc/nginx/mime.types;
	keepalive_timeout 20;
	large_client_header_buffers 4 8k;
	map_hash_bucket_size 128;
	open_file_cache max=200000 inactive=20s; 
	open_file_cache_errors on;
	open_file_cache_min_uses 2;
	open_file_cache_valid 30s;
	open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
	proxy_cache_use_stale updating;
	proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;
	reset_timedout_connection on;
	send_timeout 60;
		# NOTE: if the client stops reading data, free up the stale client connection after this much time.
	sendfile on;
	server_names_hash_bucket_size 128;
	server_tokens off;
	ssl_session_cache shared:SSL:10m;
	tcp_nodelay on;
		# NOTE: don't buffer data-sends (disable Nagle algorithm).
		#       Good for sending frequent small bursts of data in real time.
	tcp_nopush on;
		# NOTE: causes nginx to attempt to send its HTTP response head in one packet,
		#       instead of using partial frames.
		#       This is useful for prepending headers before calling sendfile,
		#       or for throughput optimization.
	types_hash_max_size 2048;
	map $http_user_agent $bad_bot {
	 # NOTE: user agents that are to be blocked.
		default 0;
		libwww-perl                      1;
		~(?i)(httrack|htmlparser|libwww) 1;
	 }
	#map $http_referer $bad_referer {
	# # NOTE: referrers that are to be blocked.
	#	default 0;
	#	~(?i)(babes|casino|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|replica|sex|teen|webcam|zippo) 1;
	# }
	geo $not_local {
		default 1;
		127.0.0.1 0;
	 }
	include /etc/nginx/site.d/*/http.conf;
	include /etc/nginx/*/*/server.conf;
	include /etc/nginx/*/*/*/server.conf;
	server {
		listen 80 default_server;
		server_name  _;
		return 302 $scheme://heureux-cyclage.org$request_uri;
	 }
	server {
		listen 443 default_server;
		server_name  _;
		include             /etc/nginx/conf.d/ssl.conf;
		ssl_certificate     /etc/nginx/org/heureux-cyclage/crt.pem;
		ssl_certificate_key /etc/nginx/org/heureux-cyclage/key.pem;
		return 302 $scheme://heureux-cyclage.org$request_uri;
	 }
 }
pid /run/nginx.pid;
user www-data;
worker_processes 2;

# vim: ft=sh