X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=blobdiff_plain;f=etc%2Fnginx%2Fnginx.conf;h=94c1ffeb9bdf187e10466ed99640825ad0ad00c5;hp=fc2e23d53c71512a485f458b1fd4b52065bd7389;hb=097751f5bd05dd28314024cf185b7eb38a9acda7;hpb=ac6452c7821434c9750210bf75a95e51d876dc3d diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index fc2e23d..94c1ffe 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -1,3 +1,4 @@ +# DOC: http://blog.martinfjordvald.com/2010/07/nginx-primer/ events { multi_accept on; use epoll; @@ -7,7 +8,17 @@ http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" nocache:$no_cache'; + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format piwik + '{"ip": "$remote_addr",' + '"host": "$host",' + '"path": "$request_uri",' + '"status": "$status",' + '"referrer": "$http_referer",' + '"user_agent": "$http_user_agent",' + '"length": $bytes_sent,' + '"generation_time_milli": $request_time,' + '"date": "$time_iso8601"}'; access_log /var/log/nginx/access.log main buffer=32k; client_body_buffer_size 4K; # NOTE: % getconf PAGESIZE @@ -20,12 +31,16 @@ http { default_type application/octet-stream; error_log /var/log/nginx/error.log warn; error_page 403 = 404; - fastcgi_cache_key "$request_method $scheme://$host$request_uri"; + fastcgi_cache_key "$request_method $scheme://$http_host$request_uri"; fastcgi_cache_path /run/shm/cache/nginx/fastcgi + inactive=10m + keys_zone=microcache:2M levels=1:2 - keys_zone=microcache:10m - inactive=5m - max_size=64m; + loader_files=100000 + loader_sleep=1 + loader_threshold=2592000000 + max_size=64M; + fastcgi_temp_path /run/shm/tmp/nginx/ 1 2; gzip on; gzip_buffers 16 8k; gzip_comp_level 6; 
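Review bot: In the `@@ -7,7 +8,17` hunk, the new `log_format piwik` assembles JSON by hand from client-controlled values (`$host`, `$request_uri`, `$http_referer`, `$http_user_agent`), and nginx's default log escaping writes a double quote or backslash as `\x22` / `\x5C`, which is not a valid JSON escape. A request carrying such a character therefore produces a line the importer rejects or misreads, so the analytics log can be disrupted from outside. On nginx 1.11.8 or later the format can be declared as `log_format piwik escape=json ...`; on older builds the importer has to tolerate `\xNN` sequences, and a comment above the format should say which of the two is relied on. The `access_log` line visible in this hunk still uses `main`, so presumably an included file references `piwik`.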
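Review bot: In the `@@ -20,12 +31,16` hunk, `fastcgi_cache_key` now uses `$http_host`, the raw Host header, where `$host` was normalised (lower-cased, port removed, falling back to the server name). The raw header lets one page be cached under many spellings of the same host (letter case, a `:port` suffix), and `keys_zone=microcache:2M` is a fifth of its previous size, so legitimate entries are pushed out sooner. The `fastcgi_param` lines are outside this diff, so which host value the backend actually receives cannot be checked here. If the change was made because the backend renders absolute URLs from the header, a comment on the key line such as `# keyed on the raw Host header to match HTTP_HOST as seen by the backend` would record that trade-off.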
@@ -55,18 +70,21 @@ http { include /etc/nginx/mime.types; keepalive_timeout 20; large_client_header_buffers 4 8k; + map_hash_bucket_size 128; open_file_cache max=200000 inactive=20s; open_file_cache_errors on; open_file_cache_min_uses 2; open_file_cache_valid 30s; open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m; proxy_cache_use_stale updating; + proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2; reset_timedout_connection on; send_timeout 60; # NOTE: if the client stops reading data, free up the stale client connection after this much time. sendfile on; server_names_hash_bucket_size 128; server_tokens off; + ssl_session_cache shared:SSL:10m; tcp_nodelay on; # NOTE: don't buffer data-sends (disable Nagle algorithm). # Good for sending frequent small bursts of data in real time. 
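Review bot: `proxy_temp_path /run/shm/cache/nginx/proxy_temp 1 2;` here, like `fastcgi_temp_path /run/shm/tmp/nginx/ 1 2;` in the `@@ -20,12` hunk, spools upstream responses under `/run/shm`, which on most distributions is a world-writable tmpfs that starts empty at every boot. Nothing in this diff shows who creates `/run/shm/cache` and `/run/shm/tmp`; if a local account can create them before the service starts, it owns the parent of nginx's cache and temp trees. Having the init step create those parents as root, not writable by other users, or using a dedicated tmpfs mount, removes that race. A comment beside both directives should say where the directories come from. Spooling to tmpfs also means large upstream responses consume RAM, bounded only by the tmpfs size.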
@@ -76,9 +94,39 @@ http { # This is useful for prepending headers before calling sendfile, # or for throughput optimization. types_hash_max_size 2048; - include /etc/nginx/site.d/*/server.conf; + map $http_user_agent $bad_bot { + # NOTE: user agents that are to be blocked. + default 0; + libwww-perl 1; + ~(?i)(httrack|htmlparser|libwww) 1; + } + #map $http_referer $bad_referer { + # # NOTE: referrers that are to be blocked. + # default 0; + # ~(?i)(babes|casino|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|replica|sex|teen|webcam|zippo) 1; + # } + geo $not_local { + default 1; + 127.0.0.1 0; + } + include /etc/nginx/site.d/*/http.conf; + include /etc/nginx/*/*/server.conf; + include /etc/nginx/*/*/*/server.conf; + server { + listen 80 default_server; + server_name _; + return 302 $scheme://heureux-cyclage.org$request_uri; + } + server { + listen 443 default_server; + server_name _; + include /etc/nginx/conf.d/ssl.conf; + ssl_certificate /etc/nginx/org/heureux-cyclage/crt.pem; + ssl_certificate_key /etc/nginx/org/heureux-cyclage/key.pem; + return 302 $scheme://heureux-cyclage.org$request_uri; + } } -pid /var/run/nginx.pid; +pid /run/nginx.pid; user www-data; worker_processes 2;
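Review bot: The new catch-all on port 443 is declared as `listen 443 default_server;` with no `ssl` flag, so whether it speaks TLS depends entirely on `/etc/nginx/conf.d/ssl.conf`, which this diff does not show. Writing `listen 443 ssl default_server;` makes the block self-contained and avoids answering in cleartext on 443 if that include ever changes. Separately, the wildcard includes `/etc/nginx/*/*/server.conf` and `/etc/nginx/*/*/*/server.conf` load any file of that name two or three levels below `/etc/nginx`, where the removed line was limited to `site.d`. A backup copy, or a subdirectory writable by a less-privileged account, therefore becomes live configuration. A comment naming the intended layout (the certificate path suggests `org/heureux-cyclage/`) or a single dedicated parent directory would narrow that.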