user			nginx nginx;
error_log		/var/log/nginx/error.log;
pid			/var/run/nginx.pid;

events {
	worker_connections	2048;
	use epoll;
}

http {
	include		/etc/nginx/mime.types;
	default_type	application/octet-stream;

	log_format	main	'$remote_addr - $remote_user [$time_local] $request '
				'"$status" $body_bytes_sent "$http_referer" '
				'"$http_user_agent" "$http_x_forwarded_for"';
	access_log	/var/log/nginx/access.log	main;

	server {
		listen		80;
		# listen 443 ssl;

		# https://wiki.mozilla.org/Security/Server_Side_TLS

		# Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
		#ssl_certificate /etc/nginx/server.crt;
		#ssl_certificate_key /etc/nginx/server.key;

		# Session resumption (caching)
		#ssl_session_timeout 1d;
		#ssl_session_cache shared:SSL:50m;
		#ssl_session_tickets off;

		# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
		#ssl_dhparam /etc/nginx/dhparam.pem;

		# intermediate configuration. tweak to your needs.
		#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		#ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
		#ssl_prefer_server_ciphers on;

		# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
		#add_header Strict-Transport-Security max-age=15768000;

		# OCSP Stapling ---
		# fetch OCSP records from URL in ssl_certificate and cache them
		#ssl_stapling on;
		#ssl_stapling_verify on;

		# verify chain of trust of OCSP response using Root CA and Intermediate certs
		#ssl_trusted_certificate /etc/nginx/ca.crt;

		server_name	localhost;
		access_log	/var/log/nginx/access.log main;

		location / {
			autoindex	on;
			root	/home/services/nginx/html;
			index	index.html index.htm index.php;
		}

		include webapps.d/*.conf;
	}

	include vhosts.d/*.conf;
}