From d3eb40eb11d9d78055a136e09e1b598a311a39a1 Mon Sep 17 00:00:00 2001
From: Mitchell Krog <mitchellkrog@gmail.com>
Date: Wed, 8 Feb 2017 17:24:07 +0200
Subject: [PATCH] Sample nginx.conf file included

---
 SAMPLE-nginx.conf | 86 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 SAMPLE-nginx.conf

diff --git a/SAMPLE-nginx.conf b/SAMPLE-nginx.conf
new file mode 100644
index 000000000..c6c83cc6c
--- /dev/null
+++ b/SAMPLE-nginx.conf
@@ -0,0 +1,86 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+events {
+	worker_connections 1024;
+	multi_accept on;
+    use epoll;
+}
+
+http {
+
+    ## SAMPLE nginx.conf file
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 90s;
+	keepalive_requests 1000;
+	server_tokens off;
+	client_body_buffer_size 32k;
+	client_header_buffer_size    1k;
+	client_max_body_size 50M;
+	types_hash_max_size 2048;
+	server_names_hash_bucket_size 64;
+	server_names_hash_max_size 4096;
+	large_client_header_buffers 4 16k;
+
+	# Our request limiter zone for wp-login attacks (used in Fail2Ban nginx-limit-req filter and jail)
+	limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s;
+    
+    # DDos Mitigation
+    # ***************
+    # https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
+    # Limiting the Rate of Requests
+    limit_req_zone $binary_remote_addr zone=flood:50m rate=90r/s;
+    # Limiting the Number of Connections
+    limit_conn_zone $binary_remote_addr zone=addr:50m;
+
+
+	# Add FastCGI caching
+	# https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+    # Your own SSL settings here if using SSL
+
+	##
+	# Logging Settings
+	##
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "MSIE [1-6]\.";
+	gzip_vary on;
+	gzip_static on;
+	gzip_min_length 20;
+	gzip_proxied expired no-cache no-store private auth;
+	gzip_comp_level 7;
+	gzip_buffers 32 4k;
+	gzip_http_version 1.1;
+	gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	# Our globalblacklist.conf Bot Blocker Gets Included Because it is placed into the conf.d folder
+	# which is loaded by the include below
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+
+}