user			nginx nginx;
error_log		/var/log/nginx/nginx-@type@_error.log;
pid			/var/run/nginx-@type@.pid;

events {
	worker_connections	2048;
	use epoll;
}

http {
	include		/etc/nginx/mime.types;
	default_type	application/octet-stream;

	log_format	main	'$remote_addr - $remote_user [$time_local] $request '
				'"$status" $body_bytes_sent "$http_referer" '
				'"$http_user_agent" "$http_x_forwarded_for"';
	access_log	/var/log/nginx/nginx-@type@_access.log	main;

	server {
		listen		80;
		# listen 443 ssl;

		# Leave only secure protocols (so disable unsecure SSLv2/SSLv3)
		# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

		# https://wiki.mozilla.org/Security/Server_Side_TLS
		# perfect forward secrecy
		# ssl_prefer_server_ciphers on;
		# ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-DSS-AES128-GCM-SHA256 kEDH+AESGCM ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA256 DHE-RSA-AES256-SHA256 DHE-DSS-AES256-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA AES CAMELLIA DES-CBC3-SHA !aNULL !eNULL !EXPORT !DES !RC4 !MD5 !PSK !aECDH !EDH-DSS-DES-CBC3-SHA !EDH-RSA-DES-CBC3-SHA !KRB5-DES-CBC3-SHA";

		# Session resumption (caching)
		# ssl_session_cache shared:SSL:50m;
		# ssl_session_timeout 5m;

		# ssl_certificate /etc/nginx/server.crt;
		# ssl_certificate_key /etc/nginx/server.key;

		server_name	localhost;
		access_log	/var/log/nginx/nginx-@type@_access.log main;

		location / {
			autoindex	on;
			root	/home/services/nginx/html;
			index	index.html index.htm index.php;
		}

		include webapps.d/*.conf;
	}

	include vhosts.d/*.conf;
}