bunkerweb/confs/nginx.conf

# /etc/nginx/nginx.conf

# run as daemon
daemon on;

# do NOT run as root
user nginx;

# worker number = CPU core(s)
worker_processes auto;

# faster regexp
pcre_jit on;

# config files for dynamic modules
include /etc/nginx/modules/*.conf;

events {
	# max connections per worker
	worker_connections 1024;

	# epoll seems to be the best on Linux
	use epoll;
}

http {
	# zero copy within the kernel
	sendfile on;

	# send packets only if filled
	tcp_nopush on;

	# remove 200ms delay
	tcp_nodelay on;

	# load mime types and set default one
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# load gzip custom config
	include /etc/nginx/gzip.conf;

	# maximum request body size
	client_max_body_size %MAX_CLIENT_SIZE%;

	# load caching custom config
	include /etc/nginx/cache.conf;

	# close connections in FIN_WAIT1 state
	reset_timedout_connection on;

	# timeouts
	client_body_timeout 12;
	client_header_timeout 12;
	keepalive_timeout 15;
	send_timeout 10;

	# enable/disable sending nginx version
	server_tokens %SERVER_TOKENS%;

	# resolvers to use
	resolver %DNS_RESOLVERS% ipv6=off;

	# get real IP address if behind a reverse proxy
        %PROXY_REAL_IP%

	# write logs to local syslog
	access_log syslog:server=unix:/dev/log,nohostname,facility=local0,severity=notice combined;
	error_log syslog:server=unix:/dev/log,nohostname,facility=local0 warn;

	# lua path and dicts
	lua_package_path "/usr/local/lib/lua/?.lua;;";
	%WHITELIST_IP_CACHE%
	%WHITELIST_REVERSE_CACHE%
	%BLACKLIST_IP_CACHE%
	%BLACKLIST_REVERSE_CACHE%
	%DNSBL_CACHE%
	
	# shared memory zone for limit_req
	%LIMIT_REQ_ZONE%

	# server config
	include /etc/nginx/server.conf;

	# list of blocked country
	%BLOCK_COUNTRY%

	# list of blocker user agents
	%BLOCK_USER_AGENT%

	# enable/disable ModSecurity
	%USE_MODSECURITY%

	# custom http confs
	include /http-confs/*.conf;
}