user zulip;

daemon off;

worker_processes auto;
pid /var/run/nginx.pid;

worker_rlimit_nofile 40000;
events {
    worker_connections 40000;

    use epoll;

    multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 25m;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    reset_timedout_connection on;

    gzip on;
    gzip_disable "msie6";

    # Select a Connection header for sockjs reverse-proxying
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }
    # These are the official ciphers as of 2014-10-14
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;


    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}