user www-data;
worker_processes auto;
error_log  /tmp/error.log;
pid        /tmp/nginx.pid;

events {
	worker_connections 1024;
	multi_accept on;
    use epoll;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 90s;
	keepalive_requests 1000;
	server_tokens off;
	client_body_buffer_size 32k;
	client_header_buffer_size    1k;
	client_max_body_size 50M;
	types_hash_max_size 2048;
	server_names_hash_bucket_size 64;
	server_names_hash_max_size 4096;
	large_client_header_buffers 4 16k;

	# Our request limiter zone for wp-login attacks
	limit_req_zone $binary_remote_addr zone=wp-login:10m rate=1r/s;
    
    # DDos Mitigation
    # ***************
    # https://www.nginx.com/blog/mitigating-ddos-attacks-with-nginx-and-nginx-plus/
    # Limiting the Rate of Requests
    limit_req_zone $ratelimited zone=flood:50m rate=90r/s;
    # Limiting the Number of Connections
    limit_conn_zone $ratelimited zone=addr:50m;
    # End Slow conections
	#client_body_timeout 5s;
	#client_header_timeout 5s;


	# use any of the following two
	real_ip_header CF-Connecting-IP;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# Logging Settings
	##
	log_format  custom  '$remote_addr - $http_x_forwarded_for $remote_user $server_port [$time_local] "$request" '
                  '$status "$http_referer" "$http_user_agent" "$http_header"'
                  '"$body_bytes_sent" - "$gzip_ratio"';

	log_format timedcombined '$remote_addr - $http_cf_connecting_ip $remote_user [$time_local] '
		'"$request" $status $body_bytes_sent '
		'"$http_referer" "$http_user_agent" '
		'PORT:$server_port $request_time $upstream_response_time $pipe "$gzip_ratio"';

	log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

	log_format  wordpress  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"'
                  'PORT:$server_port $request_time $upstream_response_time $pipe "GZIP:$gzip_ratio"';

	access_log /var/log/nginx/access.log timedcombined;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "MSIE [1-6]\.";
	gzip_vary on;
	gzip_static on;
	gzip_min_length 20;
	gzip_proxied expired no-cache no-store private auth;
	gzip_comp_level 7;
	gzip_buffers 32 4k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
	#gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;

}



  server {
    listen                      80;
    server_name                 fakedomain.com;
    root                        /var/www;
    limit_conn                  conn_limit_per_ip 10;
    limit_req                   zone=req_limit_per_ip burst=10 nodelay;

    }
  }

}