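# Main nginx configuration. All writable state (pid file, temp paths) lives
# under /tmp and logs go to stdout/stderr.
# NOTE(review): this layout suggests an unprivileged container; confirm.
worker_processes 4;
pid /tmp/nginx.pid;
error_log /dev/stderr info;

events {
    worker_connections 1024;
    multi_accept off;
}

http {
    ## Asynchronous input/output policy.
    tcp_nopush on;
    sendfile on;

    ## Security policy.
    # Only TLS 1.2 and TLS 1.3 are offered.
    ssl_protocols TLSv1.3 TLSv1.2;

    # OpenSSL cipher string. With OpenSSL this governs TLS 1.2 suites only;
    # TLS 1.3 suites are selected separately. "!RC4" removes RC4 permanently,
    # so no RC4 selector is listed. The broad trailing selectors
    # (EECDH, EDH+aRSA, HIGH) still admit CBC-mode suites.
    # NOTE(review): ssl_prefer_server_ciphers is not set here, so the client's
    # preference order is used and the ordering below is advisory. Confirm
    # whether that is intended.
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;

    # Response security headers. "always" is set on every header so that they
    # are also sent on error responses (4xx/5xx), not only on success and
    # redirect responses.
    # Caveat: add_header is inherited from this level only by server/location
    # blocks that define no add_header of their own. A vhost under
    # conf.d/http/ that adds any header must repeat all of these.
    add_header X-Content-Type-Options nosniff always;     # Disable MIME sniffing.
    add_header X-Frame-Options SAMEORIGIN always;         # Prevent clickjacking.
    # Legacy header: current browsers ignore it. A Content-Security-Policy is
    # the effective control against cross-site scripting.
    add_header "X-XSS-Protection" "1; mode=block" always;
    # HSTS: browsers honour this header only on HTTPS responses. After the
    # first HTTPS visit, the http -> https redirect can no longer be
    # intercepted. includeSubDomains requires every subdomain to serve HTTPS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    ## Log file policy.
    # $http_referer, $http_user_agent and $http_x_forwarded_for are
    # client-supplied. Treat them as untrusted when parsing or alerting on
    # these logs.
    log_format logformat '$remote_addr - $remote_user [$time_local] "$request" '
                         '$status $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /dev/stdout logformat;

    ## Temp file policy.
    # Temp paths are redirected to /tmp so nginx needs no other writable
    # directory.
    client_body_temp_path /tmp/client_temp;
    fastcgi_temp_path /tmp/fastcgi_temp;
    uwsgi_temp_path /tmp/uwsgi_temp;
    proxy_temp_path /tmp/proxy_temp;
    scgi_temp_path /tmp/scgi_temp;

    ## Buffer policy.
    # Deliberately small limits. Request bodies over 1k are rejected (413).
    # A request line or single header field over 1k is rejected (414 / 400).
    # Vhosts that accept uploads or large cookies must raise these locally.
    client_body_buffer_size 1K;
    client_header_buffer_size 1k;
    client_max_body_size 1k;
    large_client_header_buffers 2 1k;

    ## Client timeout policy.
    # Short timeouts bound how long a slow or idle client can hold a
    # connection.
    client_body_timeout 10;
    client_header_timeout 10;
    keepalive_timeout 5 5;
    send_timeout 10;

    ## Default mime type.
    include snippets/mime-types.conf;
    # NOTE(review): files with an unmapped extension are served as text/html
    # and rendered by browsers. If user-supplied files can be served,
    # application/octet-stream is the safer fallback. Confirm.
    default_type text/html;

    ## http vhosts
    include conf.d/http/*.conf;
}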