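# nginx configuration, rendered from an ERB template: the listen port is
# substituted from the PORT environment variable when the file is generated.

# Set another default user than root for security reasons
user www www;

# As a thumb rule: One per CPU. If you are serving a large amount
# of static files, which requires blocking disk reads, you may want
# to increase this from the number of cpu_cores available on your
# system.
#
# The maximum number of connections for Nginx is calculated by:
# max_clients = worker_processes * worker_connections
worker_processes 3;

daemon off;

# Maximum file descriptors that can be opened per process
# This should be > worker_connections
worker_rlimit_nofile 8192;

events {
  # When you need > 8000 * cpu_cores connections, you start optimizing
  # your OS, and this is probably the point at where you hire people
  # who are smarter than you, this is *a lot* of requests.
  worker_connections 8000;
}

http {
  # Set the mime-types via the mime.types external file
  include mime.types;

  # And the fallback mime-type
  default_type application/octet-stream;

  # Hide nginx version
  server_tokens off;

  # ~2 seconds is often enough for HTML/CSS, but connections in
  # Nginx are cheap, so generally it's safe to increase it
  keepalive_timeout 20;

  sendfile on;
  tcp_nopush on;   # off may be better for Comet/long-poll stuff
  tcp_nodelay off; # on may be better for Comet/long-poll stuff

  # Enable Gzip:
  gzip on;
  gzip_http_version 1.0;
  gzip_comp_level 5;
  gzip_min_length 512;
  gzip_buffers 4 8k;
  gzip_proxied any;
  gzip_types
    # text/html is always compressed by HttpGzipModule
    text/css
    text/plain
    text/x-component
    application/javascript
    application/json
    application/xml
    application/xhtml+xml
    application/x-font-ttf
    application/x-font-opentype
    application/vnd.ms-fontobject
    image/svg+xml
    image/x-icon;

  # This should be turned on if you are going to have pre-compressed copies (.gz) of
  # static files available. If not it should be left off as it will cause extra I/O
  # for the check. It would be better to enable this in a location {} block for
  # a specific directory:
  # gzip_static on;

  gzip_disable "msie6";
  gzip_vary on;

  server {
    listen <%= ENV['PORT'] %>;

    # The host name to respond to
    server_name dev.ripple.com;

    # Path for static files
    root www;

    # Specify a charset
    charset utf-8;

    # Custom 404 page
    error_page 404 /404.html;

    # Redirect plain-HTTP requests to HTTPS. X-Forwarded-Proto is a request
    # header, so this check is only meaningful when every request reaches
    # nginx through a proxy or load balancer that sets or overwrites it.
    if ($http_x_forwarded_proto != "https") {
      rewrite ^(.*)$ https://$server_name$1 permanent;
    }

    # NOTE: add_header directives set at this level are inherited by a
    # location only if that location defines no add_header of its own. The
    # locations below that set Cache-Control "public" or
    # Access-Control-Allow-Origin therefore do NOT send the server-level
    # X-UA-Compatible and Cache-Control "no-transform" headers.

    # Force the latest IE version
    # Use ChromeFrame if it's installed for a better experience for the poor IE folk
    add_header "X-UA-Compatible" "IE=Edge,chrome=1";

    # Prevent mobile network providers from modifying your site
    add_header "Cache-Control" "no-transform";

    # Access restrictions come first. nginx tests regex locations in the
    # order they appear and stops at the first match, so if these followed
    # the static-asset locations, a path such as /.hidden/file.json would
    # match an asset rule and the 403 would never be reached.

    # Prevent clients from accessing hidden files (starting with a dot).
    # This also matches /.well-known/; add an explicit exception before this
    # block if that path must be served.
    location ~* (^|/)\. {
      return 403;
    }

    # Prevent clients from accessing backup/config/source files
    location ~* (\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
      return 403;
    }

    # Expire rules for static content

    # Built-in filename-based cache busting
    # https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L403
    # This will route all requests for /css/style.20120716.css to /css/style.css
    # Read also this: github.com/h5bp/html5-boilerplate/wiki/cachebusting
    # This is not included by default, because it'd be better if you use the build
    # script to manage the file names.
    location ~* (.+)\.(\d+)\.(js|css|png|jpg|jpeg|gif)$ {
      try_files $uri $1.$3;
    }

    # No default expire rule. This config mirrors that of apache as outlined in the
    # html5-boilerplate .htaccess file. However, nginx applies rules by location,
    # the apache rules are defined by type. A consequence of this difference is that
    # if you use no file extension in the url and serve html, with apache you get an
    # expire time of 0s, with nginx you'd get an expire header of one month in the
    # future (if the default expire rule is 1 month). Therefore, do not use a
    # default expire rule with nginx unless your site is completely static

    # cache.appcache, your document html and data
    location ~* \.(?:manifest|appcache|html|xml|json)$ {
      expires -1;
      access_log logs/static.log;
    }

    # Feed
    location ~* \.(?:rss|atom)$ {
      expires 1h;
      add_header Cache-Control "public";
    }

    # Favicon
    location ~* \.ico$ {
      expires 1w;
      access_log off;
      add_header Cache-Control "public";
    }

    # Media: images, video, audio, HTC
    location ~* \.(?:jpg|jpeg|gif|png|ico|gz|svg|svgz|mp4|ogg|ogv|webm)$ {
      expires 1M;
      access_log off;
      add_header Cache-Control "public";
    }

    # CSS and Javascript
    location ~* \.(?:css|js)$ {
      expires 1y;
      access_log off;
      add_header Cache-Control "public";
    }

    # Cross domain webfont access
    location ~* \.(ttf|ttc|otf|eot|woff|font.css)$ {
      add_header "Access-Control-Allow-Origin" "*";

      # Also, set cache rules for webfonts.
      #
      # See http://wiki.nginx.org/HttpCoreModule#location
      # And https://github.com/h5bp/server-configs/issues/85
      # And https://github.com/h5bp/server-configs/issues/86
      expires 1M;
      access_log off;
      add_header Cache-Control "public";
    }
  }
}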