user  root;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

	sendfile on;
    keepalive_timeout 0;
	
	client_body_buffer_size 10K;
	client_header_buffer_size 1k;
	client_max_body_size 1G;
	large_client_header_buffers 2 1k;

    gzip on;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 1;
    gzip_proxied any;
	
	root /www;
	
	server {
		listen 80 default_server;
		listen [::]:80 default_server;
		server_name _;
		return 301 https://$host$request_uri;
	}

    server {
        listen 443 ssl default_server;
		listen [::]:443 ssl default_server;
        server_name  localhost;
		
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
		ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED";
        ssl_session_tickets off;

		ssl_certificate /etc/nginx/nginx.cer;
        ssl_certificate_key /etc/nginx/nginx.key;
		
		location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
			expires 365d;
		}

		include luci_uwsgi.conf;

    }
}