user www-data;
worker_processes auto;
worker_rlimit_nofile 262144;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

error_log /var/log/nginx/error.log crit;

events {
	worker_connections 24576;
	use epoll;
	multi_accept on;
}

http {
	##
	# Basic Settings
	##
	client_max_body_size 32M;

	open_file_cache max=100000 inactive=20s;
	open_file_cache_valid 30s;
	open_file_cache_min_uses 2;
	open_file_cache_errors on;

	types_hash_max_size 2048;
	variables_hash_max_size 2048;
	variables_hash_bucket_size 128;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;

	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	# allow the server to close connection on non responding client, this will free up memory
	reset_timedout_connection on;

	# request timed out -- default 60
	client_body_timeout 10;
	client_header_timeout 10;

	# if client stop responding, free up memory -- default 60
	send_timeout 10;

	# server will close connection after this time -- default 75
	keepalive_timeout 30;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# if the request body size is more than the buffer size, then the entire (or partial)
	# request body is written into a temporary file
#	client_body_buffer_size  128k;

	# buffer size for reading client request header
#	client_header_buffer_size 1k;

	# maximum number and size of buffers for large headers to read from client request
#	large_client_header_buffers 4 256k;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	#access_log /var/log/nginx/access.log;
	#error_log /var/log/nginx/error.log crit;

	# borrowed from Apache
	# (Could use $host instead of $server_name to log vhost aliases separately)
	log_format vhost_combined '$server_name $remote_addr - $remote_user [$time_local] '
							  '"$request" $status $body_bytes_sent '
							  '"$http_referer" "$http_user_agent"';

	log_format vcombined '$host:$server_port '
		'$remote_addr - $remote_user [$time_local] '
		'"$request" $status $body_bytes_sent '
		'"$http_referer" "$http_user_agent"';

	# Define an access log for VirtualHosts that don't define their own logfile
	access_log /var/log/nginx/other_vhosts_access.log vcombined;

	##
	# Gzip Settings
	##

	gzip on;

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	# gzip_proxied any;

	##
	# DDOS Defense
	##
	# limit the number of connections per single IP
#	limit_conn_zone $binary_remote_addr zone=conn_limit_def:10m;
#	limit_conn_zone $binary_remote_addr zone=conn_limit_mid:32m;
#	limit_conn_zone $binary_remote_addr zone=conn_limit_high:64m;

	# limit the number of requests for a given session
#	limit_req_zone $binary_remote_addr zone=req_limit_def:64m rate=10r/s;
#	limit_req_zone $binary_remote_addr zone=req_limit_mid:128m rate=20r/s;
#	limit_req_zone $binary_remote_addr zone=req_limit_high:512m rate=30r/s;


	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
	include /etc/nginx/user-sites-enabled/*;
}

# SSL Pass-thru
stream {
	include /etc/nginx/streams/*;
}

#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}