# Configuration File - Nginx Server Configs # http://nginx.org/en/docs/dirindex.html # Run as a unique, less privileged user for security reasons. # Default: nobody nobody user www www; # Sets the worker threads to the number of CPU cores available in the system for best performance. # Should be > the number of CPU cores. # Maximum number of connections = worker_processes * worker_connections # Default: 1 worker_processes auto; # Maximum number of open files per worker process. # Should be > worker_connections. # Default: no limit worker_rlimit_nofile 8192; events { # If you need more connections than this, you start optimizing your OS. # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests. # Should be < worker_rlimit_nofile. # Default: 512 worker_connections 8000; } # Log errors and warnings to this file # This is only used when you don't override it on a server{} level # Default: logs/error.log error error_log logs/error.log warn; # The file storing the process ID of the main process # Default: nginx.pid pid /var/run/nginx.pid; http { # Hide nginx version information. # Default: on server_tokens off; # Specify MIME types for files. include mime.types; # Default: text/plain default_type application/octet-stream; # Update charset_types to match updated mime.types. # text/html is always included by charset module. # Default: text/html text/xml text/plain text/vnd.wap.wml application/javascript application/rss+xml charset_types text/css text/plain text/vnd.wap.wml text/javascript application/json application/rss+xml application/xml; # Include $http_x_forwarded_for within default format used in log files log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; # Log access to this file # This is only used when you don't override it on a server{} level # Default: logs/access.log combined access_log logs/access.log main; # How long to allow each connection to stay idle. # Longer values are better for each individual client, particularly for SSL, # but means that worker connections are tied up longer. # Default: 75s keepalive_timeout 20s; # Speed up file transfers by using sendfile() to copy directly # between descriptors rather than using read()/write(). # For performance reasons, on FreeBSD systems w/ ZFS # this option should be disabled as ZFS's ARC caches # frequently used files in RAM by default. # Default: off sendfile on; # Don't send out partial frames; this increases throughput # since TCP frames are filled up before being sent out. # Default: off tcp_nopush on; # Enable gzip compression. # Default: off gzip on; # Compression level (1-9). # 5 is a perfect compromise between size and CPU usage, offering about # 75% reduction for most ASCII files (almost identical to level 9). # Default: 1 gzip_comp_level 5; # Don't compress anything that's already small and unlikely to shrink much # if at all (the default is 20 bytes, which is bad as that usually leads to # larger files after gzipping). # Default: 20 gzip_min_length 256; # Compress data even for clients that are connecting to us via proxies, # identified by the "Via" header (required for CloudFront). # Default: off gzip_proxied any; # Tell proxies to cache both the gzipped and regular version of a resource # whenever the client's Accept-Encoding capabilities header varies; # Avoids the issue where a non-gzip capable client (which is extremely rare # today) would display gibberish if their proxy gave them the gzipped version. # Default: off gzip_vary on; # Compress all output labeled with one of the following MIME-types. # text/html is always compressed by gzip module. # Default: text/html gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml application/rdf+xml font/collection font/opentype font/otf font/ttf image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # This should be turned on if you are going to have pre-compressed copies (.gz) of # static files available. If not it should be left off as it will cause extra I/O # for the check. It is best if you enable this in a location{} block for # a specific directory, or on an individual server{} level. # gzip_static on; # Include files in the sites-enabled folder. server{} configuration files should be # placed in the sites-available folder, and then the configuration should be enabled # by creating a symlink to it in the sites-enabled folder. # See doc/sites-enabled.md for more info. include sites-enabled/*; }