| user www-data; |
| worker_processes auto; |
| pid /run/nginx.pid; |
| events { |
| worker_connections 768; |
| # multi_accept on; |
| } |
| http { |
| ## |
| # Basic Settings |
| ## |
| sendfile on; |
| tcp_nopush on; |
| tcp_nodelay on; |
| keepalive_timeout 65; |
| client_max_body_size 20m; |
| types_hash_max_size 2048; |
| server_tokens off; # Prevent nginx version from being leaked. |
| # server_names_hash_bucket_size 64; |
| # server_name_in_redirect off; |
| include /etc/nginx/mime.types; |
| default_type application/octet-stream; |
| ## |
| # SSL Settings |
| ## |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE |
| ssl_prefer_server_ciphers on; |
| ## |
| # Logging Settings |
| ## |
| access_log /var/log/nginx/access.log; |
| error_log /var/log/nginx/error.log; |
| ## |
| # Gzip Settings |
| ## |
| gzip on; |
| gzip_disable "msie6"; |
| # gzip_vary on; |
| # gzip_proxied any; |
| # gzip_comp_level 6; |
| # gzip_buffers 16 8k; |
| # gzip_http_version 1.1; |
| # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; |
| ## |
| # Virtual Host Configs |
| ## |
| include /etc/nginx/conf.d/*.conf; |
| include /etc/nginx/sites-enabled/*; |
| } |
| |
| # This rule allows Skolo and Golo bots to report collectd metrics, by forwarding TCP connections |
| # to the graphite proxy for Prometheus. |
| |
| stream { |
| server { |
| error_log /var/log/nginx/tcp_error.log; |
| |
| listen 2003; |
| proxy_pass skia-monitoring:2003; |
| |
| # Skolo public IP |
| allow 104.132.164.0/24; |
| # Golo public IP |
| allow 74.125.248.64/27; |
| deny all; |
| } |
| } |