From fcc1462a89253e609f6a31142913541b2551e700 Mon Sep 17 00:00:00 2001
From: seonghobae <seongho@kw.ac.kr>
Date: Mon, 2 Sep 2019 19:55:23 +0900
Subject: [PATCH 1/5] load_module: fix typos and add tabs

---
 debian/nginx.conf | 111 +++++++++++++++++++++++++++-------------------
 1 file changed, 66 insertions(+), 45 deletions(-)

diff --git a/debian/nginx.conf b/debian/nginx.conf
index 8f8df71..6719432 100644
--- a/debian/nginx.conf
+++ b/debian/nginx.conf
@@ -2,52 +2,73 @@ user www-data;
 # www-data for php-fpm, nginx user works with static content only
 worker_processes auto;
 pid /var/run/nginx.pid;
+
 # Note: Use only modules you need to use. With dynamic modules this is pretty easy.
-#load_module modules/ndk_http_module.so;
-#load_module modules/ngx_http_geoip_module.so;
-#load_module modules/ngx_stream_geoip_module.so;
-#load_module modules/ngx_http_headers_more_filter_module.so;
-#load_module modules/ngx_http_image_filter_module.so;
-#load_module modules/ngx_http_length_hiding_filter_module.so;
-#load_module modules/ngx_http_lua_module.so;
-#load_module modules/ngx_http_naxsi_module.so;
-#load_module modules/ngx_http_js_module.so;
-#load_module modules/ngx_stream_js_module.so;
-#load_module modules/ngx_pagespeed.so;
-#load_module modules/ngx_http_perl_module.so;
-#load_module modules/ngx_stream_module.so;
-#load_module modules/ngx_mail_module.so;
-#load_module modules/ngx_http_rds_json_filter_module.so;
-#load_module modules/ngx_http_session_binding_proxy_module.so;
-#load_module modules/ngx_http_testcookie_access_module.so;
-#load_module modules/ngx_http_upstream_order_module.so;
-#load_module modules/ngx_http_xslt_filter_module.so;
-## ngx_brotli filter module - used to compress responses on-the-fly.
-#load_module modules/ngx_http_brotli_filter_module.so;
-## ngx_brotli static module - used to serve pre-compressed files.
-## Both ngx_brotli modules could be used separately, but part of nginx-module-brotli package
-#load_module modules/ngx_http_brotli_static_module.so;
-#load_module modules/ngx_postgres_module.so;
-#load_module modules/ngx_nchan_module.so;
-#load_module modules/ngx_http_auth_pam_module.so;
-#load_module modules/ngx_http_echo_module.so;
-#load_module modules/ngx_http_upstream_fair_module.so;
-#load_module modules/ngx_http_cache_purge_module.so;
-#load_module modules/ngx_http_fancyindex_module.so;
-#load_module modules/ngx_http_uploadprogress_module.so;
-#load_module modules/ngx_http_subs_filter_module.so;
-#load_module modules/ngx_http_graphite_module.so;
-#load_module modules/ngx_http_vhost_traffic_status_module.so;
-#load_module modules/ngx_ssl_ct_module.so 
-#load_module modules/ngx_http_ssl_ct_module.so 
-#load_module modules/ngx_mail_ssl_ct_module.so 
-#load_module modules/ngx_stream_ssl_ct_module.so
-#load_module modules/ngx_rtmp_module.so;
-#load_module modules/ngx_http_ts_module.so.so;
-#load_module modules/ngx_http_stream_server_traffic_status_module.so;
-#load_module modules/ngx_stream_server_traffic_status_module.so;
-#load_module modules/ngx_http_geoip2_module.so;
-#load_module modules/ngx_stream_geoip2_module.so;
+
+    # HTTP related modules first
+        #load_module modules/ndk_http_module.so;
+        #load_module modules/ngx_http_headers_more_filter_module.so;
+        #load_module modules/ngx_http_image_filter_module.so;
+        #load_module modules/ngx_http_length_hiding_filter_module.so;
+        #load_module modules/ngx_http_lua_module.so;
+        #load_module modules/ngx_http_naxsi_module.so;
+        #load_module modules/ngx_http_js_module.so;
+        #load_module modules/ngx_http_perl_module.so;
+        #load_module modules/ngx_http_rds_json_filter_module.so;
+        #load_module modules/ngx_http_session_binding_proxy_module.so;
+        #load_module modules/ngx_http_testcookie_access_module.so;
+        #load_module modules/ngx_http_xslt_filter_module.so;
+        #load_module modules/ngx_http_auth_pam_module.so;
+        #load_module modules/ngx_http_echo_module.so;
+        #load_module modules/ngx_http_cache_purge_module.so;
+        #load_module modules/ngx_http_fancyindex_module.so;
+        #load_module modules/ngx_http_uploadprogress_module.so;
+        #load_module modules/ngx_http_subs_filter_module.so;
+        #load_module modules/ngx_http_graphite_module.so;
+        #load_module modules/ngx_http_ts_module.so;
+        
+        ## ngx_brotli filter module - used to compress responses on-the-fly.
+            #load_module modules/ngx_http_brotli_filter_module.so;
+        ## ngx_brotli static module - used to serve pre-compressed files.
+        ## Both ngx_brotli modules could be used separately, but part of nginx-module-brotli package
+            #load_module modules/ngx_http_brotli_static_module.so;
+        
+    # GeoIP related
+        #load_module modules/ngx_http_geoip_module.so;
+        #load_module modules/ngx_stream_geoip_module.so;
+        #load_module modules/ngx_http_geoip2_module.so;
+        #load_module modules/ngx_stream_geoip2_module.so;
+    
+    # TCP Stream related modules
+        #load_module modules/ngx_stream_module.so;
+        #load_module modules/ngx_stream_js_module.so;
+        #load_module modules/ngx_http_stream_server_traffic_status_module.so;
+        #load_module modules/ngx_stream_server_traffic_status_module.so;
+        
+    # Upstream related modules
+        #load_module modules/ngx_http_upstream_fair_module.so;
+        #load_module modules/ngx_http_upstream_order_module.so;
+        
+    # Mail related modules
+        #load_module modules/ngx_mail_module.so;
+        
+    # SSL
+        #load_module modules/ngx_ssl_ct_module.so;
+        #load_module modules/ngx_http_ssl_ct_module.so 
+        #load_module modules/ngx_mail_ssl_ct_module.so;
+        #load_module modules/ngx_stream_ssl_ct_module.so;
+        
+    # Webpage optimization
+        #load_module modules/ngx_pagespeed.so;
+        #load_module modules/ngx_http_vhost_traffic_status_module.so;
+    
+    # Database    
+        #load_module modules/ngx_postgres_module.so;
+    
+    # ETC
+        #load_module modules/ngx_nchan_module.so;
+        #load_module modules/ngx_rtmp_module.so;
+    
 
 events {
     worker_connections 768;

From f0597f6f92abc2d3f76e9cd6a5d4c97d288b4609 Mon Sep 17 00:00:00 2001
From: seonghobae <seongho@kw.ac.kr>
Date: Mon, 2 Sep 2019 19:56:05 +0900
Subject: [PATCH 2/5] load_module: add semicolon again

---
 debian/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/nginx.conf b/debian/nginx.conf
index 6719432..56f36b0 100644
--- a/debian/nginx.conf
+++ b/debian/nginx.conf
@@ -54,7 +54,7 @@ pid /var/run/nginx.pid;
         
     # SSL
         #load_module modules/ngx_ssl_ct_module.so;
-        #load_module modules/ngx_http_ssl_ct_module.so 
+        #load_module modules/ngx_http_ssl_ct_module.so;
         #load_module modules/ngx_mail_ssl_ct_module.so;
         #load_module modules/ngx_stream_ssl_ct_module.so;
         

From 78965c3611bb6300d078f60b328023c84b578012 Mon Sep 17 00:00:00 2001
From: seonghobae <seongho@kw.ac.kr>
Date: Mon, 2 Sep 2019 20:00:04 +0900
Subject: [PATCH 3/5] add more tabs and short descriptions

---
 debian/nginx.conf | 97 ++++++++++++++++++++++++++---------------------
 1 file changed, 53 insertions(+), 44 deletions(-)

diff --git a/debian/nginx.conf b/debian/nginx.conf
index 56f36b0..67de555 100644
--- a/debian/nginx.conf
+++ b/debian/nginx.conf
@@ -88,55 +88,64 @@ http {
     ignore_invalid_headers on;
 
     # Decrease default timeouts to drop slow clients
-    keepalive_timeout 40s;
-    send_timeout 20s;
-    client_header_timeout 20s;
-    client_body_timeout 20s;
-    reset_timedout_connection on;
+        keepalive_timeout 40s;
+        send_timeout 20s;
+        client_header_timeout 20s;
+        client_body_timeout 20s;
+        reset_timedout_connection on;
 
-    server_names_hash_bucket_size 64;
+    # Hash sizes
+        server_names_hash_bucket_size 64;
 
-    default_type  application/octet-stream;
-    include /etc/nginx/mime.types;
+    # mine types
+        default_type  application/octet-stream;
+        include /etc/nginx/mime.types;
 
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"';
-    access_log /var/log/nginx/access.log main;
-    error_log /var/log/nginx/error.log warn;
+    # log
+        log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"';
+        access_log /var/log/nginx/access.log main;
+        error_log /var/log/nginx/error.log warn;
 
     # Limits
-    limit_req_zone  $binary_remote_addr  zone=dos_attack:20m   rate=30r/m;
-
-    gzip on;
-    gzip_disable "msie6";
-    gzip_vary off;
-    gzip_proxied any;
-    gzip_comp_level 2;
-    gzip_min_length 1000;
-    gzip_buffers 16 8k;
-    gzip_http_version 1.1;
-    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/atom+xml;
+        limit_req_zone  $binary_remote_addr  zone=dos_attack:20m   rate=30r/m;
+    
+    # Gzip
+        gzip on;
+        gzip_disable "msie6";
+        gzip_vary off;
+        gzip_proxied any;
+        gzip_comp_level 2;
+        gzip_min_length 1000;
+        gzip_buffers 16 8k;
+        gzip_http_version 1.1;
+        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/atom+xml;
+    
+    # Brotli
+        # brotli on;
+        # brotli_static on;
 
     # Virtual Host Configs
-    include /etc/nginx/sites-enabled/*.conf;
-
-    # Only allow save protocols
-    #ssl_protocols TLSv1.2 TLSv1.3;
-    # Prefer server side protocols for SSLv3 and TLSv1
-    #ssl_prefer_server_ciphers on;
-    #ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
-    # SSL session cache
-    #ssl_session_cache shared:SSL:50m;
-    #ssl_session_timeout 5m;
-    #ssl_buffer_size 4k;
-    #ssl_session_tickets on;
-
-    # Problem with sect571 and ecdhe ciphers
-    #ssl_ecdh_curve secp384r1:secp521r1;
-
-    #add_header Content-Security-Policy "";
-    #add_header Strict-Transport-Security "max-age=15768000;includeSubDomains;preload";
-    #add_header X-Frame-Options DENY;
-    #add_header X-Content-Type-Options nosniff;
-    #add_header X-XSS-Protection "1; mode=block";
-    #add_header Public-Key-Pins '';
+        include /etc/nginx/sites-enabled/*.conf;
+
+    # SSL and HSTS
+        # Only allow save protocols
+            # ssl_protocols TLSv1.2 TLSv1.3;
+        # Prefer server side protocols for SSLv3 and TLSv1
+            # ssl_prefer_server_ciphers on;
+            # ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
+        # SSL session cache
+            # ssl_session_cache shared:SSL:50m;
+            # ssl_session_timeout 5m;
+            # ssl_buffer_size 4k;
+            # ssl_session_tickets on;
+
+        # Problem with sect571 and ecdhe ciphers
+            # ssl_ecdh_curve secp384r1:secp521r1;
+
+        # add_header Content-Security-Policy "";
+        # add_header Strict-Transport-Security "max-age=15768000;includeSubDomains;preload";
+        # add_header X-Frame-Options DENY;
+        # add_header X-Content-Type-Options nosniff;
+        # add_header X-XSS-Protection "1; mode=block";
+        # add_header Public-Key-Pins '';
 }

From 9cf88bf896d6f2c8f23c9fcace38ff0eb3952509 Mon Sep 17 00:00:00 2001
From: seonghobae <seongho@kw.ac.kr>
Date: Mon, 2 Sep 2019 20:04:26 +0900
Subject: [PATCH 4/5] provide optional tuning parameters

---
 debian/nginx.conf | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/debian/nginx.conf b/debian/nginx.conf
index 67de555..312ef47 100644
--- a/debian/nginx.conf
+++ b/debian/nginx.conf
@@ -72,6 +72,8 @@ pid /var/run/nginx.pid;
 
 events {
     worker_connections 768;
+    # multi_accept  on;
+    # use epoll;
 }
 
 # Separate stream location files
@@ -80,12 +82,12 @@ include /etc/nginx/sites-enabled/*.stream;
 http {
 
     # Basic Settings
-    sendfile on;
-    tcp_nopush on;
-    tcp_nodelay on;
-    types_hash_max_size 2048;
-    server_tokens off;
-    ignore_invalid_headers on;
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        types_hash_max_size 2048;
+        server_tokens off;
+        ignore_invalid_headers on;
 
     # Decrease default timeouts to drop slow clients
         keepalive_timeout 40s;
@@ -101,6 +103,9 @@ http {
         default_type  application/octet-stream;
         include /etc/nginx/mime.types;
 
+    # aio threads
+        # aio threads=default;
+
     # log
         log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"';
         access_log /var/log/nginx/access.log main;

From a4317ba4b4295aa4427f7402b9c6d64924b83b67 Mon Sep 17 00:00:00 2001
From: seonghobae <seongho@kw.ac.kr>
Date: Tue, 3 Sep 2019 14:02:48 +0900
Subject: [PATCH 5/5] load_module: add ngx_http_proxy_connect_module (related
 #37)

---
 debian/nginx.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/debian/nginx.conf b/debian/nginx.conf
index 312ef47..02b9796 100644
--- a/debian/nginx.conf
+++ b/debian/nginx.conf
@@ -38,7 +38,10 @@ pid /var/run/nginx.pid;
         #load_module modules/ngx_stream_geoip_module.so;
         #load_module modules/ngx_http_geoip2_module.so;
         #load_module modules/ngx_stream_geoip2_module.so;
-    
+        
+    # HTTPS PROXY related
+        #load_module modules/ngx_http_proxy_connect_module.so;
+        
     # TCP Stream related modules
         #load_module modules/ngx_stream_module.so;
         #load_module modules/ngx_stream_js_module.so;