worker_processes auto;
pid /var/run/nginx.pid;
daemon off;
pcre_jit on;

events {
    worker_connections 2048; 
    use epoll;
}

http {
    limit_conn_zone $binary_remote_addr zone=limit_per_ip:10m;
    limit_conn limit_per_ip 128;
    limit_req_zone $binary_remote_addr zone=allips:10m rate=150r/s;
    limit_req zone=allips burst=150 nodelay;

    more_set_headers 'Server: secret';

    include /etc/nginx/conf/mime.types;
    default_type application/octet-stream;

    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log crit;

    fastcgi_temp_path /tmp/fastcgi 1 2;
    proxy_temp_path /tmp/proxy 1 2;
    client_body_temp_path /tmp/client_body 1 2;

    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 8m;
    large_client_header_buffers 2 1k;
    
    aio threads;
    sendfile on;
    keepalive_timeout 15;
    keepalive_disable msie6;
    keepalive_requests 100;
    tcp_nopush on;
    tcp_nodelay on;
    server_tokens off;
    
    gzip on;
    gzip_comp_level 5;
    gzip_min_length 512;
    gzip_buffers 4 8k;
    gzip_proxied any;
    gzip_vary on;
    gzip_disable "msie6";
    gzip_types
        text/css
        text/javascript
        text/xml
        text/plain
        text/x-component
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/rss+xml
        application/vnd.ms-fontobject
        font/truetype
        font/opentype
        image/svg+xml;
  
    brotli on;
    brotli_static on;
    brotli_buffers 16 8k;
    brotli_comp_level 6;
    brotli_types
        text/css
        text/javascript
        text/xml
        text/plain
        text/x-component
        application/javascript
        application/x-javascript
        application/json
        application/xml
        application/rss+xml
        application/vnd.ms-fontobject
        font/truetype
        font/opentype
        image/svg+xml;

    include /sites-enabled/*.conf;
}