denisgolius/gist:80e6d66ef7c97ca79e8e5034521722d4

## gistfile1.txt
user nginx;
worker_processes auto;
worker_rlimit_nofile 10000;
pid /var/run/nginx.pid;

events {
    worker_connections 4000;
    multi_accept on;
    use epoll;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_requests 1000;
    keepalive_timeout 75 20;
    reset_timedout_connection on;
    client_body_timeout 60;
    send_timeout 10;
    types_hash_max_size 2048;
    server_tokens off;
    # https://medium.com/@getpagespeed/how-to-remove-the-server-header-in-nginx-e74c7b431b
    # more_clear_headers Server;
    # cache informations about FDs, frequently accessed files
    # can boost performance, but you need to test those values
    # open_file_cache max=200 inactive=20s;
    # open_file_cache_valid 30s;
    # open_file_cache_min_uses 2;
    # open_file_cache_errors on;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    #
    # Override some buffer limitations, will prevent DDOS too.
    #
    client_body_buffer_size 10K;
    client_header_buffer_size 4k;
    client_max_body_size 16m;
    large_client_header_buffers 8 8k;
    request_pool_size               4k;
    output_buffers 1 32k;
    postpone_output 1460;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;


    map $sent_http_content_type $x_ua_compatible {
        ~*text/html "IE=edge";
    }

    # map $sent_http_content_type $x_xss_protection {
    # ~*text/html "1; mode=block";
    # }

    # map $sent_http_content_type $x_frame_options {
    # ~*text/html DENY;
    # }


    ##
    # Logging Settings
    ##
    log_format extended_json escape=json
        '{'
        '"event_datetime": "$time_iso8601", '
        '"server_name": "$server_name", '
        '"remote_addr": "$remote_addr", '
        '"remote_user": "$remote_user", '
        '"http_x_real_ip": "$http_x_real_ip", '
        '"status": "$status", '
        '"scheme": "$scheme", '
        '"request_method": "$request_method", '
        '"request_uri": "$request_uri", '
        '"server_protocol": "$server_protocol", '
        '"body_bytes_sent": "$body_bytes_sent", '
        '"http_referer": "$http_referer", '
        '"http_user_agent": "$http_user_agent", '
        '"request_bytes": "$request_length", '
        '"request_time": "$request_time", '
        '"upstream_addr": "$upstream_addr", '
        '"upstream_response_time": "$upstream_response_time", '
        '"hostname": "$hostname", '
        '"host": "$host"'
        '}';


    #   access_log /var/log/nginx/access.log;
        # error_log /var/log/nginx/error.log;

      ##
      # Gzip Settings
      ##

    gzip  on;
    gzip_static on;
    gzip_comp_level 5;
    gzip_min_length 1024;
    gzip_proxied     any;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types application/atom+xml application/geo+json application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/vnd.ms-fontobject application/wasm application/x-web-app-manifest+json application/xhtml+xml application/xml application/font-woff2 application/x-font-woff application/font-woff application/x-font-ttf font/eot font/otf font/ttf image/bmp image/svg+xml text/cache-manifest text/calendar text/markdown text/plain text/xml text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    map $sent_http_content_type $expires {
        "text/html"                 epoch;
        "text/html; charset=utf-8"  epoch;
        default                     off;
    }

    server_names_hash_max_size 8192;
    #ignore_invalid_headers  on;
    server_name_in_redirect off;

    proxy_buffer_size       8k;
    proxy_buffers           8 64k;
    proxy_connect_timeout   1000;
    proxy_read_timeout      12000;
    proxy_send_timeout      12000;

    proxy_cache_path /var/cache/nginx levels=2 keys_zone=pagecache:5m inactive=10m max_size=50m;

    real_ip_header          X-Real-IP;
    proxy_set_header        Host            $host;
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

    allow all;


    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    error_log /dev/stdout crit;
    # error_log /dev/stdout warn;
    access_log off;
  # access_log /dev/stdout extended_json;
}
	user nginx;
	worker_processes auto;
	worker_rlimit_nofile 10000;
	pid /var/run/nginx.pid;

	events {
	worker_connections 4000;
	multi_accept on;
	use epoll;
	}

	http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_requests 1000;
	keepalive_timeout 75 20;
	reset_timedout_connection on;
	client_body_timeout 60;
	send_timeout 10;
	types_hash_max_size 2048;
	server_tokens off;
	# https://medium.com/@getpagespeed/how-to-remove-the-server-header-in-nginx-e74c7b431b
	# more_clear_headers Server;
	# cache informations about FDs, frequently accessed files
	# can boost performance, but you need to test those values
	# open_file_cache max=200 inactive=20s;
	# open_file_cache_valid 30s;
	# open_file_cache_min_uses 2;
	# open_file_cache_errors on;
	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	#
	# Override some buffer limitations, will prevent DDOS too.
	#
	client_body_buffer_size 10K;
	client_header_buffer_size 4k;
	client_max_body_size 16m;
	large_client_header_buffers 8 8k;
	request_pool_size 4k;
	output_buffers 1 32k;
	postpone_output 1460;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;


	map $sent_http_content_type $x_ua_compatible {
	~*text/html "IE=edge";
	}

	# map $sent_http_content_type $x_xss_protection {
	# ~*text/html "1; mode=block";
	# }

	# map $sent_http_content_type $x_frame_options {
	# ~*text/html DENY;
	# }


	##
	# Logging Settings
	##
	log_format extended_json escape=json
	'{'
	'"event_datetime": "$time_iso8601", '
	'"server_name": "$server_name", '
	'"remote_addr": "$remote_addr", '
	'"remote_user": "$remote_user", '
	'"http_x_real_ip": "$http_x_real_ip", '
	'"status": "$status", '
	'"scheme": "$scheme", '
	'"request_method": "$request_method", '
	'"request_uri": "$request_uri", '
	'"server_protocol": "$server_protocol", '
	'"body_bytes_sent": "$body_bytes_sent", '
	'"http_referer": "$http_referer", '
	'"http_user_agent": "$http_user_agent", '
	'"request_bytes": "$request_length", '
	'"request_time": "$request_time", '
	'"upstream_addr": "$upstream_addr", '
	'"upstream_response_time": "$upstream_response_time", '
	'"hostname": "$hostname", '
	'"host": "$host"'
	'}';


	# access_log /var/log/nginx/access.log;
	# error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_static on;
	gzip_comp_level 5;
	gzip_min_length 1024;
	gzip_proxied any;
	gzip_vary on;
	gzip_proxied expired no-cache no-store private auth;
	gzip_types application/atom+xml application/geo+json application/javascript application/x-javascript application/json application/ld+json application/manifest+json application/rdf+xml application/rss+xml application/vnd.ms-fontobject application/wasm application/x-web-app-manifest+json application/xhtml+xml application/xml application/font-woff2 application/x-font-woff application/font-woff application/x-font-ttf font/eot font/otf font/ttf image/bmp image/svg+xml text/cache-manifest text/calendar text/markdown text/plain text/xml text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

	gzip_disable "MSIE [1-6]\.(?!.*SV1)";

	map $sent_http_content_type $expires {
	"text/html" epoch;
	"text/html; charset=utf-8" epoch;
	default off;
	}

	server_names_hash_max_size 8192;
	#ignore_invalid_headers on;
	server_name_in_redirect off;

	proxy_buffer_size 8k;
	proxy_buffers 8 64k;
	proxy_connect_timeout 1000;
	proxy_read_timeout 12000;
	proxy_send_timeout 12000;

	proxy_cache_path /var/cache/nginx levels=2 keys_zone=pagecache:5m inactive=10m max_size=50m;

	real_ip_header X-Real-IP;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	allow all;


	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;

	error_log /dev/stdout crit;
	# error_log /dev/stdout warn;
	access_log off;
	# access_log /dev/stdout extended_json;
	}