Ajout : nginx : default_server .
[lhc/ateliers.git] / etc / nginx / nginx.conf
index b87bf14..25aa317 100644 (file)
@@ -1,5 +1,4 @@
 # DOC: http://blog.martinfjordvald.com/2010/07/nginx-primer/
-daemon on;
 events {
        multi_accept on;
        use epoll;
@@ -22,13 +21,16 @@ http {
        default_type application/octet-stream;
        error_log /var/log/nginx/error.log warn;
        error_page 403 = 404;
-       fastcgi_cache_key "$request_method $scheme://$host$request_uri";
+       fastcgi_cache_key "$request_method $scheme://$http_host$request_uri";
        fastcgi_cache_path /run/shm/cache/nginx/fastcgi
+        inactive=10m
+        keys_zone=microcache:2M
         levels=1:2
-        keys_zone=microcache:10m
-        inactive=5m
-        max_size=64m;
-       fastcgi_cache microcache;
+        loader_files=100000
+        loader_sleep=1
+        loader_threshold=2592000000
+        max_size=64M;
+       fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;
        gzip on;
        gzip_buffers 16 8k;
        gzip_comp_level 6;
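Review bot: The new `fastcgi_cache_key` line builds the key from `$http_host`, the raw client-supplied Host header, where the old line used nginx's normalized `$host`. The raw header keeps its case and any port, so one page can occupy several keys, and it can differ from the host nginx used to select the server block when the request line carries an absolute URI, so a response may be cached under a name it was not generated for. That fragmentation matters more now that `keys_zone` shrinks from 10m to 2M in the same hunk. I would keep `fastcgi_cache_key "$request_method $scheme://$host$request_uri";`, adding `$server_port` only if the port really has to be part of the key. The enclosing `http` block starts and ends outside the hunk.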
@@ -64,12 +66,14 @@ http {
        open_file_cache_valid 30s;
        open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
        proxy_cache_use_stale updating;
+       proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;
        reset_timedout_connection on;
        send_timeout 60;
                # NOTE: if the client stops reading data, free up the stale client connection after this much time.
        sendfile on;
        server_names_hash_bucket_size 128;
        server_tokens off;
+       ssl_session_cache shared:SSL:10m;
        tcp_nodelay on;
                # NOTE: don't buffer data-sends (disable Nagle algorithm).
                #       Good for sending frequent small bursts of data in real time.
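Review bot: `proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;` places proxy temp files under /run/shm, which is presumably a tmpfs, so any upstream response that overflows the proxy buffers is spooled into RAM instead of onto disk; the same holds for `fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;` in the previous hunk. Nothing visible here bounds that spool, so I would set `proxy_max_temp_file_size` and `fastcgi_max_temp_file_size` next to the two paths, with a value sized to the tmpfs (for example `proxy_max_temp_file_size 64m;`). If /run/shm is emptied at boot, the directories also have to be recreated owned by `www-data` and not writable by other users; a `# NOTE:` comment in the style of the neighbouring directives would record that requirement. The `http` block starts and ends outside the hunk.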
@@ -79,9 +83,38 @@ http {
                #       This is useful for prepending headers before calling sendfile,
                #       or for throughput optimization.
        types_hash_max_size 2048;
+       map $http_user_agent $bad_bot {
+        # NOTE: user agents that are to be blocked.
+               default 0;
+               libwww-perl                      1;
+               ~(?i)(httrack|htmlparser|libwww) 1;
+        }
+       #map $http_referer $bad_referer {
+       # # NOTE: referrers that are to be blocked.
+       #       default 0;
+       #       ~(?i)(babes|casino|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|replica|sex|teen|webcam|zippo) 1;
+       # }
+       geo $not_local {
+               default 1;
+               127.0.0.1 0;
+        }
+       include /etc/nginx/site.d/*/http.conf;
        include /etc/nginx/site.d/*/server.conf;
+       server {
+               listen 80 default_server;
+               server_name  _;
+               return 302 $scheme://heureux-cyclage.org$request_uri;
+        }
+       server {
+               listen 443 default_server;
+               server_name  _;
+               include             /etc/nginx/conf.d/ssl.conf;
+               ssl_certificate     /etc/nginx/x509.d/cyclo-www-tls/crt.pem;
+               ssl_certificate_key /etc/nginx/x509.d/cyclo-www-tls/key.pem;
+               return 302 $scheme://cyclocoop.org$request_uri;
+        }
  }
-pid /var/run/nginx.pid;
+pid /run/nginx.pid;
 user www-data;
 worker_processes 2;