## Proxy options
proxy_buffering           on;
#  proxy_cache_min_uses       3;
proxy_cache_path          /var/nginx/proxy-cache/ levels=1:2 keys_zone=cache:10m inactive=10m max_size=1000M;
proxy_cache_valid         any 10m;
proxy_ignore_client_abort off;
proxy_intercept_errors    on;
proxy_next_upstream       error timeout invalid_header;
proxy_redirect            off;
proxy_set_header          Host $host;
proxy_set_header          X-Forwarded-For $remote_addr;
proxy_connect_timeout     60;
proxy_send_timeout        60;
proxy_read_timeout        60;

# We used to use this header when we ran dual http/https stacks to verify
# user login pages were being only requested over https, but now we forward
# every site to https, so we can assume our schemes are aligned to our interests
# (as long as all our backend code stopped checking for X-Forwarded-Proto too).
#proxy_set_header          X-Forwarded-Proto $scheme;

## Size Limits
# May need to override these (server or location blocks) if doing large uploads.
# Setting to zero disables any size checking.
client_body_buffer_size   16k;
client_max_body_size      15m;

# If clients send headers larger than 1k,
# they get upgraded to large_client_header_buffers.
client_header_buffer_size 1k;
large_client_header_buffers 32 64k;

## Timeouts
client_body_timeout   5s;
client_header_timeout 5s;
keepalive_timeout     5s 5s;
#keepalive_timeout 0;
send_timeout          5s;

## General Options
ignore_invalid_headers   on;
recursive_error_pages    on;
#sendfile                 on; # enabled by top level config
server_name_in_redirect off;
server_tokens           off;

# For per-client rate limiting, see config options at:
# https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html

## Compression
#gzip              on; # enabled by top level config
gzip_static       on;
gzip_buffers      16 32k;
gzip_comp_level   6;
gzip_http_version 1.0;
gzip_min_length   500;
gzip_types        text/plain application/x-javascript text/xml text/css image/x-icon application/xml application/xml+rss text/javascript application/javascript application/json image/svg+xml font/truetype font/opentype application/vnd.ms-fontobject;
gzip_vary         on;
gzip_proxied      any;  # required for cloudfront to receive a gzip'd response

## Filesystem Operation Cache (caches fds, sizes, times, errors, etc)
open_file_cache          max=6000 inactive=5m;
open_file_cache_valid    2m;
open_file_cache_min_uses 1;
open_file_cache_errors   on;

# For reading a response from disk
output_buffers 32 32k;

## Optimize Large File Transfers (can be overriden in hosts and locations)
aio threads; # use default thread pool, create thread pools: threads=NAME;
aio_write on; # use threaded writes for temporary files and proxied data

# For files larger than 8 MB, use O_DIRECT instead of sendfile()
directio 8m;
directio_alignment 512; # if using XFS, set as 4096

## Access Log Caches
open_log_file_cache max=64 inactive=20s min_uses=1 valid=1m;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';