# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- user www-data; worker_processes 4; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; worker_rlimit_nofile 8192; events { worker_connections 4096; ## epoll is preferred on 2.6 Linux ## kernels. Cf. http://www.kegel.com/c10k.html#nb.epoll use epoll; ## Accept as many connections as possible. multi_accept on; } http { ## MIME types. include /etc/nginx/mime.types; default_type application/octet-stream; ## FastCGI. include /etc/nginx/fastcgi.conf; ## Default log and error files. access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## Use sendfile() syscall to speed up I/O operations and speed up ## static file serving. sendfile on; ## Handling of IPs in proxied and load balancing situations. set_real_ip_from 0.0.0.0/32; # all addresses get a real IP. real_ip_header X-Forwarded-For; # the ip is forwarded from the load balancer/proxy ## Define a zone for limiting the number of simultaneous ## connections nginx accepts. 1m means 32000 simultaneous ## sessions. We need to define for each server the limit_conn ## value referring to this or other zones. ## ** This syntax requires nginx version >= ## ** 1.1.8. Cf. http://nginx.org/en/CHANGES. If using an older ## ** version then use the limit_zone directive below ## ** instead. Comment out this ## ** one if not using nginx version >= 1.1.8. limit_conn_zone $binary_remote_addr zone=arbeit:10m; ## Timeouts. client_body_timeout 60; client_header_timeout 60; keepalive_timeout 10 10; send_timeout 60; ## Reset lingering timed out connections. Deflect DDoS. reset_timedout_connection on; ## Body size. client_max_body_size 10m; ## TCP options. tcp_nodelay on; tcp_nopush on; ## Compression. gzip on; gzip_buffers 16 8k; gzip_comp_level 1; gzip_http_version 1.1; gzip_min_length 10; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf; gzip_vary on; gzip_proxied any; # Compression for all requests. ## No need for regexps. See ## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable gzip_disable "msie6"; ## Serve already compressed files directly, bypassing on-the-fly ## compression. gzip_static on; ## Hide the Nginx version number. server_tokens off; ## Use a SSL/TLS cache for SSL session resume. This needs to be ## here (in this context, for session resumption to work. See this ## thread on the Nginx mailing list: ## http://nginx.org/pipermail/nginx/2010-November/023736.html. ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ## For the filefield_nginx_progress module to work. From the ## README. Reserve 1MB under the name 'uploads' to track uploads. upload_progress uploads 1m; ## Enable clickjacking protection in modern browsers. Available in ## IE8 also. See ## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header add_header X-Frame-Options sameorigin; ## Include the upstream servers for PHP FastCGI handling config. include upstream_phpcgi.conf; ## If using Nginx version >= 1.1.11 then there's a $https variable ## that has the value 'on' if the used scheme is https and '' if not. ## See: http://trac.nginx.org/nginx/changeset/4380/nginx ## http://trac.nginx.org/nginx/changeset/4333/nginx and ## http://trac.nginx.org/nginx/changeset/4334/nginx. If using a ## previous version then uncomment out the line below. #include map_https_fcgi.conf; ## Include the upstream servers for Apache handling the PHP ## processes. In this case Nginx functions as a reverse proxy. #include reverse_proxy.conf; #include upstream_phpapache.conf; ## Include all vhosts. include /etc/nginx/sites-enabled/*; }