user  root;
worker_processes  auto;

error_log  /var/log/nginx/error.log info;
pid        /var/run/nginx.pid;


events {
    use epoll;
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    send_timeout      1200;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   600;
    types_hash_max_size 2048;
    client_max_body_size 2048m;
    client_body_buffer_size 2048m;

    underscores_in_headers on;

    proxy_send_timeout 600;
    proxy_read_timeout 600;
    proxy_connect_timeout 600;
    proxy_buffer_size 128k;
    proxy_buffers 8 256k;

    gzip  on;

    map $http_x_forwarded_proto $proxy_x_forwarded_proto {
      default $http_x_forwarded_proto;
      ''      $scheme;
    }

    # If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
    # server port the client connected to
    map $http_x_forwarded_port $proxy_x_forwarded_port {
      default $http_x_forwarded_port;
      ''      $server_port;
    }
    # If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
    # Connection header that may have been passed to this server
    map $http_upgrade $proxy_connection {
      default upgrade;
      '' close;
    }
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    server_names_hash_bucket_size 128;
    # Default dhparam
    ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
    # Set appropriate X-Forwarded-Ssl header based on $proxy_x_forwarded_proto
    map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
      default off;
      https on;
    }


    gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;

    # HTTP 1.1 support
#     proxy_http_version 1.1;
#     proxy_buffering off;
#     proxy_set_header Host $http_host;
#     proxy_set_header Upgrade $http_upgrade;
#     proxy_set_header Connection $proxy_connection;
#     proxy_set_header X-Real-IP $remote_addr;
#     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#     proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
#     proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
#     proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
#     proxy_set_header X-Original-URI $request_uri;

    include /etc/nginx/conf.d/*.conf;
}