user nginx;
worker_processes auto;
timer_resolution   100ms;
worker_rlimit_nofile 2048;

error_log /var/log/nginx/error.log info;

events {
        worker_connections  512;
        use epoll;
}

http {
        include         /etc/nginx/mime.types;
        default_type    application/octet-stream;

        log_format main
                '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $bytes_sent '
                '"$http_referer" "$http_user_agent" ';


        gzip on;
        gzip_min_length 4096;
        gzip_buffers    16 8k;
        gzip_types text/css text/xml application/xml application/x-javascript application/javascript text/javascript text/plain;

        sendfile        on;
        tcp_nopush      on;
        tcp_nodelay     on;

        # Simple anti-DDoS protection, part 1, limiting the timeouts and buffer sizes:
        client_header_timeout      5;
        client_body_timeout        5;
        send_timeout               5;
        keepalive_timeout          10;
        reset_timedout_connection  on;
      
        # Required on aarch64 (a1 and m6g AWS instances):
        #server_names_hash_bucket_size 64;

        large_client_header_buffers 4 16k;
        client_max_body_size          32m;

        # Protect against a bug in IE 10&11, http://habrahabr.ru/company/pt/blog/249809/ :
        add_header X-Frame-Options SAMEORIGIN;

        # Hide the version of nginx from hackers:
        server_tokens off;

        # Simple anti-DDoS protection, part 2.1, limiting the number of connection and requests per IP address:
        limit_req_zone $binary_remote_addr zone=reqsperip:16m rate=4r/s;
        limit_conn_zone $binary_remote_addr zone=connsperip:16m;

        # Simple anti-DDoS protection, part 4, beating off the bots that do not send  Host: headers
        server {
               listen *:80;
               server_name  noname;
               return  444;
        }

        server {
                listen          *:80;
                server_name     localhost;
                access_log      /var/log/nginx/pma.log main;
                index           index.php  index.html;
                root            /www/pma;

                # Simple anti-DDoS protection, part 2.2a, maximum 8 connections per source IP:
                limit_conn connsperip 8;

                location / { try_files $uri $uri/ /index.php$is_args$args; }

                location ~ \.php$ {
                  # Simple anti-DDoS protection, part 2.2b, maximum 12 requests to PHP scripts per source IP:
                  limit_req zone=reqsperip burst=12 nodelay;
                  fastcgi_pass   127.0.0.1:59038;
                  fastcgi_buffer_size   16k;
                  fastcgi_busy_buffers_size  16k;
                  include        fastcgi_params;
                  fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                }

                include static.conf;
        }
}