# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules first
include modules.d/*.conf;

events {
	worker_connections 2048;
	use epoll;
}

http {
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
			'$status $body_bytes_sent "$http_referer" '
			'"$http_user_agent" "$http_x_forwarded_for"';
	access_log /var/log/nginx/access.log main;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# Load modular configuration files from the /etc/nginx/conf.d directory.
	# See http://nginx.org/en/docs/ngx_core_module.html#include
	# for more information.
	include /etc/nginx/conf.d/*.conf;

	server {
		listen 80 default_server;
		listen [::]:80 default_server;
		server_name  _;

		# https://wiki.mozilla.org/Security/Server_Side_TLS
		#listen 443 ssl http2 default_server;
		#listen [::]:443 ssl http2 default_server;

		# Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
		#ssl_certificate /etc/nginx/server.crt;
		#ssl_certificate_key /etc/nginx/server.key;

		# Session resumption (caching)
		#ssl_session_timeout 1d;
		#ssl_session_cache shared:SSL:50m;
		#ssl_session_tickets off;

		# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
		#ssl_dhparam /etc/nginx/dhparam.pem;

		# modern tweak to your needs.
		# https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=intermediate

		# intermediate configuration
		# ssl_protocols TLSv1.2 TLSv1.3;
		# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
		# ssl_prefer_server_ciphers off;

		# HSTS (ngx_http_headers_module is required) (63072000 seconds)
		# add_header Strict-Transport-Security "max-age=63072000" always;

		# OCSP Stapling ---
		# fetch OCSP records from URL in ssl_certificate and cache them
		#ssl_stapling on;
		#ssl_stapling_verify on;

		# verify chain of trust of OCSP response using Root CA and Intermediate certs
		#ssl_trusted_certificate /etc/nginx/ca.crt;

		access_log	/var/log/nginx/access.log main;

		location / {
			autoindex	on;
			root	/home/services/nginx/html;
			index	index.html index.htm index.php;
		}

		# Load configuration files for the default server block.
		include webapps.d/*.conf;
	}

	include vhosts.d/*.conf;
}