worker_processes  1;
pid /run/nginx.pid;
worker_rlimit_nofile 51200;


events {
    use epoll;
    worker_connections  1024;
    multi_accept on;
}

http {
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 1024m;
    client_body_buffer_size 10m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 120;
    server_tokens off;
    tcp_nodelay on;


    log_format  main_timed  '$remote_addr - $remote_user [$time_local] "$request" '
                            '$status $body_bytes_sent "$http_referer" '
                            '"$http_user_agent" "$http_x_forwarded_for" '
                            '$request_time $upstream_response_time $pipe $upstream_cache_status'
                '$document_root$fastcgi_script_name > $request';


    access_log /dev/stdout main_timed;
    error_log /dev/stderr notice;

    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
      text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
      text/javascript application/javascript application/x-javascript
      text/x-json application/json application/x-web-app-manifest+json
      text/css text/plain text/x-component
      font/opentype application/x-font-ttf application/vnd.ms-fontobject
      image/x-icon;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    open_file_cache max=50000 inactive=60s;
    open_file_cache_valid 120s;
    open_file_cache_min_uses 2;
    open_file_cache_errors off;
    open_log_file_cache max=10000 inactive=30s min_uses=2;

    server {
        listen [::]:80 default_server;
        listen 80 default_server;
        server_name _;

        sendfile off;

        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;

        client_max_body_size 50m;
        client_body_buffer_size 128k;

        root /usr/share/nginx/html;
        index index.php;
    include /etc/nginx/includes/*.conf;

    location ~* ^/(wp-content)/(.*?)\.(zip|gz|tar|bzip2|7z)$ { deny all; }
        location ~ /(\.DS_Store|wp-config.php|wp-config-sample.php|readme.html.gz|readme.txt.gz|readme.html|readme.txt|error_log|license.txt|changelog|changelog.txt) { access_log off; log_not_found off; deny all; }
        location = /robots.txt  { access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; expires 30d; }
        location ~ ~$           { access_log off; log_not_found off; deny all; }

        location /wp-content {
            root /usr/share/nginx/html;
            expires 7d;
            add_header Cache-Control "public";
        }

        location / {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ [^/]\.php(/|$) {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_connect_timeout 300;
            fastcgi_send_timeout 300;
            fastcgi_read_timeout 300;
            fastcgi_buffer_size 64k;
            fastcgi_buffers 4 64k;
            fastcgi_busy_buffers_size 128k;
            fastcgi_temp_file_write_size 128k;
            fastcgi_intercept_errors on;

            fastcgi_index index.php;
            fastcgi_pass __HOST__-wordpress:9000;

            # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # TODO is hardcoded document root safe???
            fastcgi_param SCRIPT_FILENAME /var/www/wordpress$fastcgi_script_name;
            include fastcgi_params;
        }

    }
}