@softvisio/core

daemon off; worker_processes auto; worker_rlimit_nofile 100000; pcre_jit on; pid "<%- nginx.app.env.tmpDir %>/nginx.pid"; events { use epoll; multi_accept on; worker_connections 8192; } http { server_tokens off; default_type "application/octet-stream"; # log log_format default "$time_local\t$remote_addr\t$status\t$body_bytes_sent\t$request"; error_log stderr crit; log_not_found off; access_log off; # send files sendfile on; aio threads; tcp_nopush on; tcp_nodelay on; reset_timedout_connection on; # http2 http2 on; # ssl, https://ssl-config.mozilla.org/#server=nginx&config=intermediate ssl_dhparam "<%- nginx.dhParamsPath %>"; ssl_protocols <%- nginx.config.sslProtocols %>; ssl_ecdh_curve <%- nginx.config.sslEcdhCurve %>; <% if ( nginx.config.sslCiphers ) { -%> ssl_ciphers <%- nginx.config.sslCiphers %>; <% } -%> ssl_prefer_server_ciphers on; ssl_session_tickets off; ssl_session_timeout 1d; ssl_session_cache shared:http:10m; # set real ip from real_ip_recursive on; include "<%- nginx.setRealIpFromPath %>"; proxy_cache_path "<%- nginx.cacheDir %>" levels=1:2 keys_zone=main:10M <% if ( cacheMaxSize ) { -%> <%- "max_size=" + cacheMaxSize %> <% } -%> <% if ( cacheMinFree ) { -%> <%- "min_free=" + cacheMinFree %> <% } -%> inactive=<%- cacheInactive %> use_temp_path=off; proxy_cache off; proxy_cache_bypass <%- cacheBypass ? "$http_cache_control" : 0 %>; map $http_connection $proxy_connection { default ""; "upgrade" "upgrade"; } map $http_x_forwarded_for $proxy_add_x_forwarded_for_real_ip { default "${http_x_forwarded_for}, ${realip_remote_addr}"; "" $realip_remote_addr; } client_max_body_size <%- maxBodySize %>; # proxy proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for_real_ip; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $proxy_connection; proxy_hide_header uwebsockets; proxy_cache_revalidate on; proxy_cache_lock on; proxy_socket_keepalive on; proxy_read_timeout 30m; proxy_send_timeout 60s; # proxy_headers_hash_max_size 512; proxy_headers_hash_bucket_size 128; # XXX ??? # proxy_buffers 64 32K; # proxy_buffer_size 32K; # http servers include "<%- nginx.configsDir %>/http-upstreams/*.nginx.conf"; include "<%- nginx.configsDir %>/http-servers/*.nginx.conf"; } stream { # ssl, https://ssl-config.mozilla.org/#server=nginx&config=intermediate ssl_dhparam "<%- nginx.dhParamsPath %>"; ssl_protocols <%- nginx.config.sslProtocols %>; ssl_ecdh_curve <%- nginx.config.sslEcdhCurve %>; <% if ( nginx.config.sslCiphers ) { -%> ssl_ciphers <%- nginx.config.sslCiphers %>; <% } -%> ssl_prefer_server_ciphers on; ssl_session_tickets off; ssl_session_timeout 1d; ssl_session_cache shared:stream:10m; # set real ip from include "<%- nginx.setRealIpFromPath %>"; proxy_socket_keepalive on; proxy_timeout 30m; # stream servers include "<%- nginx.configsDir %>/stream-upstreams/*.nginx.conf"; include "<%- nginx.configsDir %>/stream-servers/*.nginx.conf"; }