Modifications : etc/postgresql/9.4/main/pg_hba.conf
[lhc/ateliers.git] / etc / nginx / nginx.conf
index f8d0328..94c1ffe 100644 (file)
@@ -1,5 +1,4 @@
 # DOC: http://blog.martinfjordvald.com/2010/07/nginx-primer/
-daemon on;
 events {
        multi_accept on;
        use epoll;
@@ -9,9 +8,17 @@ http {
        log_format main
         '$remote_addr - $remote_user [$time_local] "$request" '
         '$status $body_bytes_sent "$http_referer" '
-        '"$http_user_agent" "$http_x_forwarded_for" nocache:$no_cache document_root:$document_root'
-        ' fastcgi_script_name:$fastcgi_script_name'
-        ' request_filename:$request_filename';
+        '"$http_user_agent" "$http_x_forwarded_for"';
+       log_format piwik
+        '{"ip": "$remote_addr",'
+        '"host": "$host",'
+        '"path": "$request_uri",'
+        '"status": "$status",'
+        '"referrer": "$http_referer",'
+        '"user_agent": "$http_user_agent",'
+        '"length": $bytes_sent,'
+        '"generation_time_milli": $request_time,'
+        '"date": "$time_iso8601"}';
        access_log /var/log/nginx/access.log main buffer=32k;
        client_body_buffer_size 4K;
                # NOTE: % getconf PAGESIZE
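Review bot: The new `log_format piwik` assembles JSON by hand from request-controlled variables (`$http_user_agent`, `$http_referer`, `$request_uri`, `$host`) without JSON escaping. nginx's default log escaping writes `"` and `\` as `\xXX`, which is not valid inside a JSON string, so a single crafted header can make a line unparseable or silently dropped by whatever imports this format. If the deployed nginx supports it (1.11.8 and later), declare it as `log_format piwik escape=json` followed by the same strings. Otherwise add a comment above the format, e.g. `# NOTE: values may contain \xXX escapes; the importer must tolerate invalid JSON lines`. The `http` block opens and closes outside this hunk.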
@@ -24,13 +31,16 @@ http {
        default_type application/octet-stream;
        error_log /var/log/nginx/error.log warn;
        error_page 403 = 404;
-       fastcgi_cache_key "$request_method $scheme://$host$request_uri";
+       fastcgi_cache_key "$request_method $scheme://$http_host$request_uri";
        fastcgi_cache_path /run/shm/cache/nginx/fastcgi
+        inactive=10m
+        keys_zone=microcache:2M
         levels=1:2
-        keys_zone=microcache:10m
-        inactive=5m
-        max_size=64m;
-       fastcgi_cache microcache;
+        loader_files=100000
+        loader_sleep=1
+        loader_threshold=2592000000
+        max_size=64M;
+       fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;
        gzip on;
        gzip_buffers 16 8k;
        gzip_comp_level 6;
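Review bot: `fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;` places buffered FastCGI responses under `/run/shm`, which is usually a world-writable tmpfs, and nothing visible here shows who creates the parent `/run/shm/tmp`. If another local account can create that parent first, it owns the directory that nginx later writes response bodies into. The same applies to `proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;` added in the next hunk. I would add a comment such as `# NOTE: /run/shm/tmp and /run/shm/cache must be created root-owned before nginx starts (tmpfs is empty after boot)` and confirm the init script does that, or move both paths under a directory only root can write to.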
@@ -60,18 +70,21 @@ http {
        include /etc/nginx/mime.types;
        keepalive_timeout 20;
        large_client_header_buffers 4 8k;
+       map_hash_bucket_size 128;
        open_file_cache max=200000 inactive=20s; 
        open_file_cache_errors on;
        open_file_cache_min_uses 2;
        open_file_cache_valid 30s;
        open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
        proxy_cache_use_stale updating;
+       proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;
        reset_timedout_connection on;
        send_timeout 60;
                # NOTE: if the client stops reading data, free up the stale client connection after this much time.
        sendfile on;
        server_names_hash_bucket_size 128;
        server_tokens off;
+       ssl_session_cache shared:SSL:10m;
        tcp_nodelay on;
                # NOTE: don't buffer data-sends (disable Nagle algorithm).
                #       Good for sending frequent small bursts of data in real time.
@@ -81,9 +94,39 @@ http {
                #       This is useful for prepending headers before calling sendfile,
                #       or for throughput optimization.
        types_hash_max_size 2048;
-       include /etc/nginx/site.d/*/server.conf;
+       map $http_user_agent $bad_bot {
+        # NOTE: user agents that are to be blocked.
+               default 0;
+               libwww-perl                      1;
+               ~(?i)(httrack|htmlparser|libwww) 1;
+        }
+       #map $http_referer $bad_referer {
+       # # NOTE: referrers that are to be blocked.
+       #       default 0;
+       #       ~(?i)(babes|casino|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|replica|sex|teen|webcam|zippo) 1;
+       # }
+       geo $not_local {
+               default 1;
+               127.0.0.1 0;
+        }
+       include /etc/nginx/site.d/*/http.conf;
+       include /etc/nginx/*/*/server.conf;
+       include /etc/nginx/*/*/*/server.conf;
+       server {
+               listen 80 default_server;
+               server_name  _;
+               return 302 $scheme://heureux-cyclage.org$request_uri;
+        }
+       server {
+               listen 443 default_server;
+               server_name  _;
+               include             /etc/nginx/conf.d/ssl.conf;
+               ssl_certificate     /etc/nginx/org/heureux-cyclage/crt.pem;
+               ssl_certificate_key /etc/nginx/org/heureux-cyclage/key.pem;
+               return 302 $scheme://heureux-cyclage.org$request_uri;
+        }
  }
-pid /var/run/nginx.pid;
+pid /run/nginx.pid;
 user www-data;
 worker_processes 2;
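Review bot: The catch-all `listen 443 default_server;` has no `ssl` parameter, so whether that socket speaks TLS depends entirely on `/etc/nginx/conf.d/ssl.conf`, which is not visible here. If that include does not enable it, nginx would answer plain HTTP on port 443 and the `ssl_certificate` lines would go unused; `listen 443 ssl default_server;` makes the block self-contained. A one-line comment above `map $http_user_agent $bad_bot` and `geo $not_local` saying which included files consume them would also help, since nothing in this file reads either variable. The exact-match `libwww-perl` entry looks redundant, because the case-insensitive regex on the next line already covers `libwww`.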