daemon on;
user www-data;
worker_processes auto;
pid /run/nginx.pid;
pcre_jit on;
worker_rlimit_nofile 30000;

events {
	worker_connections 20000;
	multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	aio threads;
	aio_write on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_tokens off;
	client_max_body_size 10G;
	proxy_http_version 1.1;
	proxy_buffering off;

	client_body_timeout 10s;
	client_header_timeout 10s;

	server_names_hash_bucket_size 32768;
	server_names_hash_max_size 1024;
	server_name_in_redirect off;
	port_in_redirect off;
	charset UTF-8;
	index index.html index.htm index.php index.hosting.html;
	disable_symlinks if_not_owner;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	map $sent_http_content_type $expires {
		default		off;
		~image/		10d;
		~video/		10d;
		~audio/		10d;
		text/css	10d;
		application/javascript	10d;
	}
	expires $expires;

	map $http_x_forwarded_proto $php_scheme {
		default		$scheme;
		http		"http";
		https		"https";
	}
	map $http_x_forwarded_proto $php_https {
		default		"";
		https		"on";
	}
	map $http_x_forwarded_proto $php_port {
		default		80;
		https		443;
	}

	##
	# Logging Settings
	##
	log_format custom '$host: 0.0.0.0 - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent"';
	access_log /var/log/nginx/access.log custom buffer=32k flush=1m;
	error_log /var/log/nginx/error.log notice;
	log_not_found off;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;

	brotli on;
	brotli_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;

	fastcgi_index index.php;
	fastcgi_read_timeout 30m;
	fastcgi_max_temp_file_size 0;
	fastcgi_buffer_size 8K;
	fastcgi_buffers 32 8k;
	fastcgi_cache fcache;
	fastcgi_cache_path /tmp/nginx/ levels=2 keys_zone=fcache:5m inactive=1h max_size=1G;
	fastcgi_cache_key $host$request_uri;

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;
	ssl_ecdh_curve X448:X25519:secp521r1:secp384r1:prime256v1;
	ssl_ciphers HIGH:!PSK:!RSA:!aNULL:!MD5:!SHA:!CAMELLIA:!AES+SHA256:!AES+SHA384;
	ssl_session_cache shared:SSL:10m;
	ssl_stapling on;
	ssl_stapling_verify on;
#	ssl_certificate /etc/acme.sh/hosting.danwin1210.me_ecc/fullchain.cer;
#	ssl_certificate_key /etc/acme.sh/hosting.danwin1210.me_ecc/hosting.danwin1210.me.key;
#	ssl_dhparam /etc/nginx/dh4096.pem;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/sites-enabled/*;
}

stream {
	include /etc/nginx/streams-enabled/*;
}