# Run as a unique, less privileged user for security reasons.
user nginx;

# Sets the worker threads to the number of CPU cores available in the system for best performance.
# Should be > the number of CPU cores.
# Maximum number of connections = worker_processes * worker_connections
worker_processes  auto;

# Log errors and warnings to this file
# This is only used when you don't override it on a server{} level
error_log  /var/log/nginx/error.log warn;

# The file storing the process ID of the main process
pid        /var/run/nginx.pid;


events {
    # If you need more connections than this, you start optimizing your OS.
    # That's probably the point at which you hire people who are smarter than you as this is *a lot* of requests.
    # Should be < worker_rlimit_nofile.
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # Include $http_x_forwarded_for within default format used in log files
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    # Hide nginx version information.
    server_tokens off;

    access_log off;

    # Speed up file transfers by using sendfile() to copy directly
    # between descriptors rather than using read()/write().
    # For performance reasons, on FreeBSD systems w/ ZFS
    # this option should be disabled as ZFS's ARC caches
    # frequently used files in RAM by default.
    sendfile        on;

    # Don't send out partial frames; this increases throughput
    # since TCP frames are filled up before being sent out.
    tcp_nopush      on;

    keepalive_timeout  65s;

    gzip on;

    # Tell proxies to cache both the gzipped and regular version of a resource
    # whenever the client's Accept-Encoding capabilities header varies;
    # Avoids the issue where a non-gzip capable client (which is extremely rare
    # today) would display gibberish if their proxy gave them the gzipped version.
    gzip_vary on;

    # Compression level (1-9).
    # 5 is a perfect compromise between size and CPU usage, offering about
    # 75% reduction for most ASCII files (almost identical to level 9).
    gzip_comp_level 5;

    # Don't compress anything that's already small and unlikely to shrink much
    # if at all (the default is 20 bytes, which is bad as that usually leads to
    # larger files after gzipping).
    gzip_min_length 256;

    gzip_http_version 1.1;
    # Compress all output labeled with one of the following MIME-types.
    gzip_types
      application/atom+xml
      application/javascript
      application/json
      application/ld+json
      application/manifest+json
      application/rss+xml
      application/vnd.geo+json
      application/vnd.ms-fontobject
      application/x-font-ttf
      application/x-web-app-manifest+json
      application/xhtml+xml
      application/xml
      font/opentype
      image/bmp
      image/svg+xml
      image/x-icon
      text/cache-manifest
      text/css
      text/plain
      text/vcard
      text/vnd.rim.location.xloc
      text/vtt
      text/x-component
      text/x-cross-domain-policy;
    # text/html is always compressed by gzip module

    client_max_body_size 12m;

    include fastcgi_cache;
    include /etc/nginx/conf.d/*.conf;
}