user www-data;worker_processes auto;worker_rlimit_nofile 1024;pid /run/ngi

1. user www-data;
2. worker_processes auto;
3. worker_rlimit_nofile 1024;
4. pid /run/nginx.pid;
5. include /etc/nginx/modules-enabled/*.conf;
6.  
7. events {
8.     worker_connections 768;
9.     multi_accept on;
10. }
11.  
12. http {
13.  
14.     ##
15.     # Basic Settings
16.     ##
17.  
18.     sendfile on;
19.     tcp_nopush on;
20.     tcp_nodelay on;
21.     keepalive_timeout 65;
22.     types_hash_max_size 2048;
23.     # server_tokens off;
24.  
25.     # server_names_hash_bucket_size 64;
26.     # server_name_in_redirect off;
27.  
28.     include /etc/nginx/mime.types;
29.     default_type application/octet-stream;
30.  
31.     ##
32.     # SSL Settings
33.     ##
34.  
35.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
36.     ssl_prefer_server_ciphers on;
37.  
38.     ##
39.     # Logging Settings
40.     ##
41.  
42.     access_log /var/log/nginx/access.log;
43.     error_log /var/log/nginx/error.log;
44.  
45.     ##
46.     # Gzip Settings
47.     ##
48.  
49.     gzip on;
50.     gzip_disable "msie6";
51.     gzip_vary on;
52.     gzip_proxied any;
53.     gzip_comp_level 6;
54.     gzip_buffers 16 8k;
55.     gzip_http_version 1.1;
56.     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
57.  
58.     upstream cws {
59.         ip_hash;
60.         keepalive 500;
61.         server 127.0.0.1:8888;
62.         # Insert other CWSs here.
63.         }
64.  
65.     # To benefit from kept-alive connections also on AdminWebServer a
66.     # group for it has to be created as well, even if it will contain
67.     # just one server.
68.     upstream aws {
69.         keepalive 5;
70.         server 127.0.0.1:8889;
71.     }
72.  
73.     # Group the RankingWebServers to load balance among them (useful to
74.     # overcome the hard limit on simultaneous open file descriptors if
75.     # you expect a very large number of clients).
76.     upstream rws {
77.         keepalive 500;
78.         server 127.0.0.1:8890;
79.         # Insert other RWSs here.
80.     }
81.  
82.     # Force HTTPS.
83.     #server {
84.     #    listen 80;
85.     #    server_name ioi-server;
86.     #    location / {
87.     #        rewrite ^/(.*)$ https://ioi-server/$1;
88.     #    }
89.     #}
90.  
91.     server {
92.     listen 80;
93.         listen 443 default_server;
94.         server_name ioi-server;
95.  
96.         # Have the nginx server be the HTTPS endpoint, authenticating
97.         # and decripting the connection, forwarding plain HTTP requests
98.         # upstream. To learn how to generate a self-signed certificate
99.         # see http://wiki.nginx.org/HttpSslModule.
100. #        ssl on;
101. #        ssl_certificate /etc/nginx/ssl/server.crt;
102. #        ssl_certificate_key /etc/nginx/ssl/server.key;
103.  
104.         # Serve phppgadmin on a prefix. This assumes that you have the
105.         # phppgadmin and php7.2-fpm packages properly installed and
106.         # configured.
107.         location /phppgadmin/ {
108.             alias /usr/share/phppgadmin/;
109.             index index.php;
110.  
111.             # Protect it with an IP address whitelist.
112.             allow 127.0.0.1;
113.             # Insert other allowed IP addesses or subnets here.
114.             deny all;
115.  
116.             # Authentication will be required by phppgadmin, no need to
117.             # enforce it here.
118.  
119.             # Serve the static files with a (likely) correct MIME type.
120.             include /etc/nginx/mime.types;
121.             default_type application/octet-stream;
122.  
123.             try_files $uri $uri/ =404;
124.  
125.             location ~ \.php$ {
126.                 fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
127.                 fastcgi_index index.php;
128.                 include fastcgi_params;
129.             }
130.         }
131.  
132.         # Serve AWS on a prefix.
133.         location /aws/ {
134.             proxy_pass http://aws/;
135.             include proxy_params;
136.             proxy_redirect / /aws/;
137.             proxy_redirect http://$host/ /aws/;
138.             proxy_redirect https://$host/ /aws/;
139.             proxy_http_version 1.1;
140.             proxy_set_header Connection "";
141.  
142.             # Protect it with an authentication. For more information
143.             # see http://wiki.nginx.org/HttpAuthBasicModule.
144.             #auth_basic "AdminWebServer";
145.             #auth_basic_user_file /etc/nginx/htpasswd_AWS;
146.  
147.             # Protect it with an IP address whitelist.
148.             allow 127.0.0.1;
149.         allow 10.10.188.0/24;
150.             # Insert other allowed IP addesses or subnets here.
151.             deny all;
152.  
153.             # Allow to upload large files (e.g. testcases).
154.             client_max_body_size 100M;
155.         }
156.  
157.         # Serve RWS on a prefix.
158.         location /rws/ {
159.             proxy_pass http://rws/;
160.             include proxy_params;
161.             proxy_redirect / /rws/;
162.             proxy_redirect http://$host/ /rws/;
163.             proxy_redirect https://$host/ /rws/;
164.             proxy_http_version 1.1;
165.             proxy_set_header Connection "";
166.             # Buffering blocks the streaming HTTP requests used for
167.             # live-update.
168.             proxy_buffering off;
169.  
170.             # Protect it with an authentication. For more information
171.             # see http://wiki.nginx.org/HttpAuthBasicModule.
172.             #auth_basic "RankingWebServer";
173.             #auth_basic_user_file /etc/nginx/htpasswd_RWS;
174.  
175.             # Protect it with an IP address whitelist.
176.             allow 127.0.0.1;
177.         allow 10.10.188.0/24;
178.  
179.             # Insert other allowed IP addesses or subnets here.
180.             deny all;
181.         }
182.  
183.         # Serve CWS unprefixed.
184.         location / {
185.             proxy_pass http://cws/;
186.             include proxy_params;
187.             proxy_http_version 1.1;
188.             proxy_set_header Connection "";
189.  
190.             # Needs to be as large as the maximum allowed submission
191.             # and input lengths set in cms.conf.
192.             client_max_body_size 50M;
193.         }
194.     }
195.  
196.     ##
197.     # Virtual Host Configs
198.     ##
199.  
200.     include /etc/nginx/conf.d/*.conf;
201.     include /etc/nginx/sites-enabled/*;
202. }
203.  
204.  
205. #mail {
206. #   # See sample authentication script at:
207. #   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
208. #
209. #   # auth_http localhost/auth.php;
210. #   # pop3_capabilities "TOP" "USER";
211. #   # imap_capabilities "IMAP4rev1" "UIDPLUS";
212. #
213. #   server {
214. #       listen     localhost:110;
215. #       protocol   pop3;
216. #       proxy      on;
217. #   }
218. #
219. #   server {
220. #       listen     localhost:143;
221. #       protocol   imap;
222. #       proxy      on;
223. #   }
224. #}