# Generated by nginxconfig.io
# https://www.serverion.com/nginx-config/#?0.domain=_&0.path=%2Fvar%2Fwww%2Fhtml&0.redirect=false&0.force_https=false&0.cert_type=custom&0.ssl_certificate=%2Fetc%2Fssl%2Fweb%2Fserver.crt&0.ssl_certificate_key=%2Fetc%2Fssl%2Fweb%2Fserver.key&0.wordpress&0.proxy_path=%2Fping&0.proxy_pass=unix:%2Fvar%2Frun%2Fphp%2Fphp-fpm.sock&0.index=index.html&content_security_policy=default-src%20'self'%20http:%20https:%20data:%20blob:%20'unsafe-inline';%20frame-ancestors%20'self';&php_server=%2Fvar%2Frun%2Fphp%2Fphp7.3-fpm.sock&expires_media=max&expires_svg=max&expires_fonts=max&user=www-data%20www-data&client_max_body_size=2048&symlink=false

pcre_jit on;
worker_processes auto;
worker_rlimit_nofile 100000;
user www-data www-data;

events {
    worker_connections 65535;
    use epoll;
    multi_accept on;
}

http {
    # define common MIME types
    include mime.types;

    # define the default MIME type
    default_type application/octet-stream;

    # disable emitting nginx version
    server_tokens off;

    # disable the directory listing output
    autoindex off;

    # disable automatic generation of the "ETag"
    etag off;

    # disable warnings about uninitialized variables are logged
    uninitialized_variable_warn off;

    # ======================================================================== #

    # the bucket size for the maps hash table
    map_hash_bucket_size  256;
    map_hash_max_size     4096;

    # the bucket size for the server names hash tables
    server_names_hash_bucket_size 256;
    server_names_hash_max_size    4096;

    # the bucket size for variables hash tables
    variables_hash_max_size     4096;
    variables_hash_bucket_size  4096;

    # ======================================================================== #

    # cache informations about FDs, frequently accessed files
    # can boost performance, but you need to test those values
    open_file_cache           max=200000 inactive=30s;
    open_file_cache_valid     30s;
    open_file_cache_min_uses  1;
    open_file_cache_errors    off;
    open_log_file_cache       max=10 inactive=30s min_uses=1 valid=5m;

    # ======================================================================== #

        # logging
        access_log /var/log/nginx/access.log;
        error_log  /var/log/nginx/error.log error;

    # to boost I/O on HDD we can disable access logs
    log_not_found   off;
    log_subrequest  off;
    rewrite_log     on;

    # copies data between one FD and other from within the kernel
    # faster than read() + write()
    sendfile off;
    sendfile_max_chunk 1m;

    # send headers in one piece, it is better than sending them one by one
    tcp_nopush on;

    # don't buffer data sent, good for small data bursts in real time
    tcp_nodelay on;

    # large files can be read and sent using multi-threading
    # without blocking a worker process
    aio      threads;
    directio 1m;

    # how to compare modification time
    ssi on;
    if_modified_since off;

    # set default size of the slice
    slice 1m;

    # ======================================================================== #

    # allow the server to close connection on non responding client,
    # this will free up memory
    reset_timedout_connection on;

    # timeout for reading client request header -- default: 60
    client_header_timeout 10s;

    # request timed out -- default: 60
    client_body_timeout 75s;

    # if the request body size is more than the buffer size, then the entire (or partial)
    # request body is written into a temporary file
    client_body_buffer_size 128k;

    # if client stop responding, free up memory -- default: 60
    send_timeout 30s;

    # server will close connection after this time -- default: 75
    keepalive_timeout 30s;

    # number of requests client can make over keep-alive
    keepalive_requests 100000;

    # maximum number and size of buffers
    # for large headers to read from client request -- default: 4 8k;
    large_client_header_buffers 4 16k;

    # ======================================================================== #

        # SSL
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;

        # Diffie-Hellman parameter for DHE ciphersuites
        ssl_dhparam /etc/ssl/dhparam.pem;

        # Mozilla Intermediate configuration
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

        # OCSP Stapling
        # ssl_stapling on;
        # ssl_stapling_verify on;
        resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
        resolver_timeout 2s;

    # ======================================================================== #

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}