user nginx;
worker_processes auto;
daemon off;
pid /run/nginx.pid;

events {
  worker_connections 768;
}

http {
  ##
  # Basic Settings
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  server_tokens off;

  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # SSL Settings
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers 'AES128+EECDH:AES128+EDH:HIGH:!aNULL:!MD5:!3DES:!RC4:!CAMELLIA';
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
  # add_header Strict-Transport-Security 'max-age=63072000; includeSubdomains; preload';
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.8.8 8.8.4.4 valid=300s;
  resolver_timeout 5s;

  ##
  # Logging Settings
  log_format keyvalue '$remote_addr – $remote_user [$time_iso8601] "$request" '
                      'status=$status '
                      'forwarded_for="$http_x_forwarded_for" '
                      'user_agent="$http_user_agent" '
                      'referer="$http_referer" '
                      'bytes_sent=$body_bytes_sent '
                      'req_time=$request_time '
                      'server=nginx';
  access_log /dev/stdout keyvalue;
  error_log /dev/stderr;

  server {
    server_name _;
    root /srv/www;

    location / {
      expires max;
      add_header Cache-Control public;
    }
  }
}