user www-data;
worker_processes {{nginx_worker_processes}};
pid /run/nginx.pid;
include /etc/nginx/modules/*.conf;

events {
	worker_connections  1024;
}

http {
	##
	# Server settings
	##
	sendfile on;
	server_tokens off;
	keepalive_timeout  65;
	types_hash_max_size 2048;
	client_max_body_size 64m;
	server_names_hash_bucket_size 128;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##
	log_format  main  '$server_name $remote_addr - $remote_user [$time_local] "$request" '
		      '$status $bytes_sent "$http_referer" '
		      '"$http_user_agent" $upstream_cache_status';
	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##
	gzip on;
	gzip_vary on;
	gzip_min_length 1000;
	gzip_proxied expired no-cache no-store private auth;
	# gzip_types text/plain text/css text/xml application/javascript application/x-javascript application/xml image/svg+xml;
	gzip_types text/plain
		text/css
		text/javascript
		text/xml
		application/json
		application/javascript
		application/x-javascript
		application/x-font-ttf
		application/xml
		application/xml+rss 
		image/svg+xml;
	gzip_disable "MSIE [1-6]\.";

	map $http_upgrade $connection_upgrade {
		default upgrade;
		'' close;
	}

	##
	# Virtual Host Configs
	##
	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites/*;
}