user	www;
worker_processes  auto;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#error_log /var/log/nginx/error.log crit;

#pid        logs/nginx.pid;

worker_rlimit_nofile 8000;
#worker_rlimit_sigpending 7000;

events {
	worker_connections  4096;
	use kqueue;
#	multi_accept on;
}



http {
	## Hasing
	server_names_hash_max_size 1024;
	server_names_hash_bucket_size 128;

	##
	# Basic Settings
	##

	## Size Limits
	client_header_buffer_size       1k;
        client_max_body_size            50M;
        client_body_buffer_size         128k;
        large_client_header_buffers     1 1k;

	## Timeout
        client_body_timeout     5;
        client_header_timeout   5;
        keepalive_timeout       5;
        send_timeout            5;

	## Reset lingering timed out connections. Deflect DDoS
        reset_timedout_connection       on;

	## General Options
        ignore_invalid_headers  on;
        limit_conn_zone         $binary_remote_addr zone=arbeit:10m;
        #limit_conn_zone                gulag binary_remote_addr 1m;
        recursive_error_pages   on;
        server_tokens           off;
        server_name_in_redirect off;
        sendfile                on;
        types_hash_max_size     2048;

	## TCP Options
        tcp_nopush              on;
        tcp_nodelay             on;

    	include       mime.types;
	default_type  application/octet-stream;

	log_format	main	'$remote_addr - $remote_user [$time_local] "$request" '
				'$status $body_bytes_sent "$http_referer" '
				'"$http_user_agent" "$http_x_forwarded_for"';
	log_format	IP	'$remote_addr';

	#access_log  logs/access.log  main;
	#access_log  /var/log/nginx/ip.log  IP;

	# Log off pour l'instant
	access_log	off;
	limit_conn_log_level info;

	##
        # Gzip Settings
        ##

        gzip            on;
        gzip_buffers    16 8k;
        gzip_http_version 1.1;
        gzip_comp_level 6;
        gzip_min_length 10;
        gzip_types      text/plain text/css image/png application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttfs application/json;
        gzip_vary       on;
        gzip_proxied    any;
        gzip_disable    "msie6";

	# File Cache Setting
        open_file_cache         max=5000 inactive=20s;
        open_file_cache_valid   30s;
        open_file_cache_min_uses 2;
        open_file_cache_errors  on;

	## Security https://gist.github.com/plentz/6737338
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";


	# Virtual Host Configs

	include /usr/local/etc/nginx/conf.d/*.conf;


}