# /etc/nginx/nginx.conf
# worker_processes 4; # one per proc "grep processor /proc/cpuinfo | wc -l"
# worker_connections 1024;
# SSL https://certbot.eff.org/
# 11 11 * * * certbot renew --post-hook "service nginx restart"

server {
    listen 80;
    server_name .domain.com;
    return 301 https://$host$request_uri;
}

server {
  server_name .stemical.com;

  root $ROOT/public;
  error_log $ROOT/log/nginx-error.log;

  passenger_enabled on;
  passenger_friendly_error_pages on;

  client_body_timeout 12;
  client_body_in_file_only clean;
  client_body_buffer_size 32K;     # form POST
  client_header_timeout 12;
  client_max_body_size 50M;
  keepalive_timeout 20;
  send_timeout 10;
  sendfile on;

  gzip             on;
  gzip_comp_level  2;
  gzip_min_length  1000;
  gzip_proxied     expired no-cache no-store private auth;
  gzip_types       text/plain application/x-javascript text/xml text/css application/xml;

  access_log off;

  # ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:50m;
  ssl_stapling on;
  ssl_stapling_verify on;

  location = /favicon.ico {
      log_not_found off;
      access_log    off;
  }

  location ^~ /assets/ {
      gzip_static on;
      expires max;
      add_header Cache-Control public;
  }

  location ^~ /.well-known {
    allow all;
    default_type "text/plain";
    root $ROOT/public;
  }
}