user http;

# Automatically determine how many cores to use:
worker_processes auto;
worker_cpu_affinity auto;

events {
	# If you want to change this limit, be sure to set LimitNOFILE in the corresponding service:
	worker_connections 1000;
}

http {
	passenger_root /usr/lib/passenger;
	passenger_ruby /usr/bin/ruby;

	include mime.types;
	default_type application/octet-stream;

	#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
	#          '$status $body_bytes_sent "$http_referer" '
	#          '"$http_user_agent" "$http_x_forwarded_for"';

	#access_log /var/log/nginx/access.log;
	passenger_log_file /var/log/nginx/passenger.log;

	sendfile on;
	#tcp_nopush on;

	# 2 minutes, avoids SSL handshakes.
	keepalive_timeout 120;

	gzip on;
	gzip_vary on;
	gzip_comp_level 6;
	gzip_http_version 1.1;
	gzip_proxied any;
	gzip_types text/html image/svg+xml application/json application/javascript;

	client_body_buffer_size 16M; 
	client_max_body_size 128M;

	# Only support modern SSL protocols:
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	
	# We cache session parameters for up to 10 minutes. Shared across workers.
	ssl_session_timeout 10m;
	ssl_session_cache shared:SSL:10m;
	
	# We prefer to use only the ciphers we specify:
	ssl_prefer_server_ciphers on;
	# Some older browsers still require RC4... ugh.
	# ssl_ciphers HIGH:!aNULL:!MD5:!DSS:!RC4;
	ssl_dhparam /etc/nginx/dhparam.pem;

	include sites/*;

	server {
		listen 80 default_server;
		server_name _;

		# Redirect all incoming requests which aren't handled by another server:
		# rewrite ^ http://www.domain.com permanent;
	}
}