nginx.conf

user www-data;
worker_processes 2;
pid /var/run/nginx.pid;

events {
    worker_connections 2000;
    # multi_accept on;
}

http {
    ##
    # Basic Settings for Linux
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    #keepalive_disable msie6;

    types_hash_max_size 2048;
    server_tokens off;

    client_max_body_size 32m;

    ##
    # Buffers
    ##

    client_body_buffer_size   8k;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 8k;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 16 128k;
    fastcgi_busy_buffers_size 512k;
    proxy_buffering on;
    proxy_buffers 16 128k;
    output_buffers 2 512k;

    ##
    # File attributes cache
    ##

    open_file_cache max=10000; 
    open_file_cache_valid 3s; 
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    server_names_hash_bucket_size 128;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "MSIE [1-6]\.";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_min_length 1000;
    gzip_buffers 16 128k;
    gzip_http_version 1.0;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript text/x-component font/truetype font/opentype;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    
    # See: https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
    # This MUST come AFTER the lines that includes .../sites-enabled/*, otherwise SSLv3 support may be re-enabled accidentally.
    include /etc/nginx/secrecy/basic.conf;
}