# -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-

1. # -*- mode: nginx; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
2. user nginx;
3. worker_processes 2;
4.  
5. error_log /var/log/nginx/error.log warn;
6. pid /var/run/nginx.pid;
7.  
8. worker_rlimit_nofile 8192;
9.  
10. events {
11. worker_connections 4096;
12. ## Accept as many connections as possible.
13. multi_accept on;
14. }
15.  
16. http {
17. ##SB
18. server_names_hash_bucket_size 64;
19.  
20. ## MIME types.
21. include /etc/nginx/mime.types;
22. default_type application/octet-stream;
23.  
24. ## FastCGI.
25. include /etc/nginx/fastcgi.conf;
26.  
27. ## Default log and error files.
28. #access_log /var/log/nginx/access.log;
29. error_log /var/log/nginx/error.log;
30.  
31. ## Use sendfile() syscall to speed up I/O operations and speed up
32. ## static file serving.
33. sendfile on;
34. ## Handling of IPs in proxied and load balancing situations.
35. set_real_ip_from 0.0.0.0/32; # all addresses get a real IP.
36. real_ip_header X-Forwarded-For; # the ip is forwarded from the load balancer/proxy
37.  
38. ## Define a zone for limiting the number of simultaneous
39. ## connections nginx accepts. 1m means 32000 simultaneous
40. ## sessions. We need to define for each server the limit_conn
41. ## value refering to this or other zones.
42. ## ** This syntax requires nginx version >=
43. ## ** 1.1.8. Cf. http://nginx.org/en/CHANGES. If using an older
44. ## ** version then use the limit_zone directive below
45. ## ** instead. Comment out this
46. ## ** one if not using nginx version >= 1.1.8.
47. limit_conn_zone $binary_remote_addr zone=arbeit:10m;
48.  
49. ## Define a zone for limiting the number of simultaneous
50. ## connections nginx accepts. 1m means 32000 simultaneous
51. ## sessions. We need to define for each server the limit_conn
52. ## value refering to this or other zones.
53. ## ** Use this directive for nginx versions below 1.1.8. Uncomment the line below.
54. #limit_zone arbeit $binary_remote_addr 10m;
55.  
56. ## Timeouts.
57. client_body_timeout 60;
58. client_header_timeout 60;
59. keepalive_timeout 10 10;
60. send_timeout 60;
61.  
62. ## Reset lingering timed out connections. Deflect DDoS.
63. reset_timedout_connection on;
64.  
65. ## Body size.
66. client_max_body_size 10m;
67.  
68. ## TCP options.
69. tcp_nodelay on;
70. ## Optimization of socket handling when using sendfile.
71. tcp_nopush on;
72.  
73. ## Compression.
74. gzip on;
75. gzip_buffers 16 8k;
76. gzip_comp_level 1;
77. gzip_http_version 1.1;
78. gzip_min_length 10;
79. gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
80. gzip_vary on;
81. gzip_proxied any; # Compression for all requests.
82. ## No need for regexps. See
83. ## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable
84. gzip_disable msie6;
85.  
86. ## Serve already compressed files directly, bypassing on-the-fly
87. ## compression.
88. ##
89. # Usually you don't make much use of this. It's better to just
90. # enable gzip_static on the locations you need it.
91. # gzip_static on;
92.  
93. ## Hide the Nginx version number.
94. server_tokens off;
95.  
96. ## Use a SSL/TLS cache for SSL session resume. This needs to be
97. ## here (in this context, for session resumption to work. See this
98. ## thread on the Nginx mailing list:
99. ## http://nginx.org/pipermail/nginx/2010-November/023736.html.
100. ssl_session_cache shared:SSL:10m;
101. ssl_session_timeout 10m;
102.  
103. ## Uncomment to increase map_hash_bucket_size. If start getting
104. ## [emerg]: could not build the map_hash, you should increase
105. ## map_hash_bucket_size: 64 in your
106. ## logs. Cf. http://wiki.nginx.org/NginxOptimizations.
107. #map_hash_bucket_size 192;
108.  
109. ## For the filefield_nginx_progress module to work. From the
110. ## README. Reserve 1MB under the name 'uploads' to track uploads.
111. #upload_progress uploads 1m;
112.  
113. ## Enable clickjacking protection in modern browsers. Available in
114. ## IE8 also. See
115. ## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
116. ## This may conflicts with pseudo streaming (at least with Nginx version 1.0.12).
117. ## Uncomment the line below if you're not using media streaming.
118. ## For sites *using* frames uncomment the line below.
119. #add_header X-Frame-Options SAMEORIGIN;
120. ## For sites *not* using frames uncomment the line below.
121. #add_header X-Frame-Options DENY;
122.  
123. ## Block MIME type sniffing on IE.
124. add_header X-Content-Options nosniff;
125.  
126. ## Include the upstream servers for PHP FastCGI handling config.
127. ## This one uses the FCGI process listening on TCP sockets.
128. include upstream_phpcgi_tcp.conf;
129.  
130. ## Include the upstream servers for PHP FastCGI handling
131. ## configuration. This setup uses UNIX sockets for talking with the
132. ## upstream.
133. #include upstream_phpcgi_unix.conf;
134.  
135. ## Include the map to block HTTP methods.
136. include map_block_http_methods.conf;
137.  
138. ## If using Nginx version >= 1.1.11 then there's a $https variable
139. ## that has the value 'on' if the used scheme is https and '' if not.
140. ## See: http://trac.nginx.org/nginx/changeset/4380/nginx
141. ## http://trac.nginx.org/nginx/changeset/4333/nginx and
142. ## http://trac.nginx.org/nginx/changeset/4334/nginx. If using a
143. ## previous version then uncomment out the line below.
144. #include map_https_fcgi.conf;
145.  
146. ## Include this line, if used in a loadbalanced environment
147. ## and comment the line which includes map_https_fcgi.conf.
148. ## If the loadbalancer always sends the request in http protocol,
149. ## and adds the server variable $http_x_forwarded_proto
150. #include map_https_forwarded_proto.conf;
151.  
152. ## Include the upstream servers for Apache handling the PHP
153. ## processes. In this case Nginx functions as a reverse proxy.
154. #include reverse_proxy.conf;
155. #include upstream_phpapache.conf;
156.  
157. ## Include the php-fpm status allowed hosts configuration block.
158. ## Uncomment to enable if you're running php-fpm.
159. include php_fpm_status_allowed_hosts.conf;
160.  
161. ## Include the Nginx stub status allowed hosts configuration block.
162. include nginx_status_allowed_hosts.conf;
163.  
164. ## If you want to run cron using Drupal cron.php. i.e., you're not
165. ## using drush then uncomment the line below. Specify in
166. ## cron_allowed_hosts.conf which hosts can invole cron.
167. # include apps/drupal/cron_allowed_hosts.conf;
168.  
169. ## Include blacklist for bad bot and referer blocking.
170. include blacklist.conf;
171.  
172. ## Include the map directive that sets the $no_slash_uri variable for drupal 6.
173. ## You may comment out the line below if using drupal 7.
174. include apps/drupal/map_drupal6.conf;
175.  
176. ## Include the caching setup. Needed for using Drupal with an external cache.
177. include map_cache.conf;
178.  
179. ## Microcache zone definition for FastCGI.
180. include fastcgi_microcache_zone.conf;
181.  
182. ## If you're using Apache for handling PHP then comment the line
183. ## above and uncomment the line below.
184. #include proxy_microcache_zone.conf
185.  
186. ## Include all vhosts.
187. include /etc/nginx/sites-enabled/*;
188. }