# example nginx config for highlighting

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;

server_names_hash_bucket_size 64;
server_names_hash_max_size 1024;
types_hash_max_size 2048;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

map $remote_addr $not_lb_request {
192.168.1.234 0; # our loadbalancer
default 1; # any other host
}

access_log /var/log/nginx/access.log main if=$not_lb_request;

real_ip_header X-Forwarded-For;
set_real_ip_from 192.168.1.234; # trust our loadbalancer to present the correct client IP

map $http_x_forwarded_proto $real_scheme {
default $http_x_forwarded_proto;
'' $scheme;
}

sendfile on;
tcp_nopush on;
tcp_nodelay on;

keepalive_timeout 75 20;
ignore_invalid_headers on;

gzip off;

charset utf-8;
index index.html index.htm;

server {
listen 80;
server_name localhost;

location / {
root html;
index index.html index.htm;
}

error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
}

# HTTPS server
server {
listen 443 ssl;
server_name localhost secure.example.org;

ssl_certificate cert.pem;
ssl_certificate_key cert.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
root html;
index index.html index.htm;
}
}

# default server block
server {
listen 80;
server_name _;

location / {
return 403;
}

location /tftp {
allow 192.168.1.0/24;
deny all;
root /data;
}
}

# "unit" testing ;-)
client_body_timeout 1y 12M 52w 365d 1337h 256m 42s 440ms;
client_max_body_size 1024 56k 56K 64m 64M 32g 32G;
}