# /etc/nginx/nginx.conf

# do not run as daemon
daemon off;

# do NOT run as root
user nginx;

# worker number = CPU core(s)
worker_processes auto;

# faster regexp
pcre_jit on;

# display warnings and errors on stderr
error_log stderr warn;

# config files for dynamic modules
include /etc/nginx/modules/*.conf;

events {
	# max connections per worker
	worker_connections 1024;

	# epoll seems to be the best on Linux
	use epoll;
}

http {
	# zero copy within the kernel
	sendfile on;

	# send packets only if filled
	tcp_nopush on;

	# remove 200ms delay
	tcp_nodelay on;

	# load mime types and set default one
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# load gzip custom config
	include /etc/nginx/gzip.conf;

	# maximum request body size
	client_max_body_size %MAX_CLIENT_SIZE%;

	# load caching custom config
	include /etc/nginx/cache.conf;

	# close connections in FIN_WAIT1 state
	reset_timedout_connection on;

	# timeouts
	client_body_timeout 12;
	client_header_timeout 12;
	keepalive_timeout 15;
	send_timeout 10;

	# enable/disable sending nginx version
	server_tokens %SERVER_TOKENS%;

	# display standard logs on stdout
	access_log /dev/stdout;

	# server config
	include /etc/nginx/server.conf;

	# disable default server
	%DISABLE_DEFAULT_SERVER%

	# check if country is blocked
	%BLOCK_COUNTRY%

	# check if user agent is blocked
	%BLOCK_USER_AGENT%

	# enable ModSecurity
	%USE_MODSECURITY%
}