X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=blobdiff_plain;f=etc%2Fnginx%2Fnginx.conf;h=1ebd203f7fab107f5360c7fa6cda1a5b7d09a2e6;hp=b87bf141ef11d0454c44cc63d96585a70b9daadb;hb=a5a6e6329b52aff5811314e611b3f6122eb21e5b;hpb=b7595a000cae850e0702938336ce116376bc7d67

diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index b87bf14..1ebd203 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -1,5 +1,4 @@
 # DOC: http://blog.martinfjordvald.com/2010/07/nginx-primer/
-daemon on;
 events {
 	multi_accept on;
 	use epoll;
@@ -22,13 +21,16 @@ http {
 	default_type application/octet-stream;
 	error_log /var/log/nginx/error.log warn;
 	error_page 403 = 404;
-	fastcgi_cache_key "$request_method $scheme://$host$request_uri";
+	fastcgi_cache_key "$request_method $scheme://$http_host$request_uri";
 	fastcgi_cache_path /run/shm/cache/nginx/fastcgi
+	 inactive=10m
+	 keys_zone=microcache:2M
 	 levels=1:2
-	 keys_zone=microcache:10m
-	 inactive=5m
-	 max_size=64m;
-	fastcgi_cache microcache;
+	 loader_files=100000
+	 loader_sleep=1
+	 loader_threshold=2592000000
+	 max_size=64M;
+	fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;
 	gzip on;
 	gzip_buffers 16 8k;
 	gzip_comp_level 6;
@@ -70,6 +72,7 @@ http {
 	sendfile on;
 	server_names_hash_bucket_size 128;
 	server_tokens off;
+	ssl_session_cache shared:SSL:10m;
 	tcp_nodelay on;
 		# NOTE: don't buffer data-sends (disable Nagle algorithm).
 		#       Good for sending frequent small bursts of data in real time.
@@ -79,9 +82,25 @@ http {
 		#       This is useful for prepending headers before calling sendfile,
 		#       or for throughput optimization.
 	types_hash_max_size 2048;
+	map $http_user_agent $bad_bot {
+	 # NOTE: user agents that are to be blocked.
+		default 0;
+		libwww-perl                      1;
+		~(?i)(httrack|htmlparser|libwww) 1;
+	 }
+	#map $http_referer $bad_referer {
+	# # NOTE: referrers that are to be blocked.
+	#	default 0;
+	#	~(?i)(babes|casino|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|replica|sex|teen|webcam|zippo) 1;
+	# }
+	geo $not_local {
+		default 1;
+		127.0.0.1 0;
+	 }
+	include /etc/nginx/site.d/*/http.conf;
 	include /etc/nginx/site.d/*/server.conf;
  }
-pid /var/run/nginx.pid;
+pid /run/nginx.pid;
 user www-data;
 worker_processes 2;