worker_processes 4;
pid /run/nginx.pid;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 2;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##
	access_log /var/log/nginx/access.log;
	#access_log off;
	error_log /var/log/nginx/error.log;

	gzip off; # Does this save any CPU?
	gzip_disable "msie6";

	#Based on Pi-Star's /etc/nginx/sites-enabled/pi-star
	server {
		listen 80 default_server;
		root /var/www/dashboard;

		location ^~ /admin {
			try_files $uri $uri/ =404;
			auth_basic "Restricted";
			auth_basic_user_file /usr/local/etc/htpasswd;
			client_max_body_size 512K;
			#PHP
			location ~ \.php$ {
				fastcgi_index                   index.php;
				try_files                       $uri =404;
				fastcgi_split_path_info         ^(.+\.php)(/.+)$;
				include                         /etc/nginx/fastcgi_params;
				fastcgi_pass                    unix:/run/php7.0-fpm.sock;
				fastcgi_buffer_size             128k;
				fastcgi_buffers                 256     4k;
				fastcgi_busy_buffers_size       256k;
				fastcgi_temp_file_write_size    256k;
				fastcgi_read_timeout            240;
				fastcgi_param                   SCRIPT_FILENAME         $document_root$fastcgi_script_name;
				fastcgi_param                   SCRIPT_NAME             $fastcgi_script_name;
				fastcgi_intercept_errors        on;
				fastcgi_hide_header             X-Powered-By;
			}
                }

		# Load the defaults in /etc/nginx/etc/nginx/default.d/ as Pi-Star. 
		# Caching
		location /favicon.ico {
			log_not_found off;
			access_log off;
		}

		location /robots.txt {
			log_not_found off;
			access_log off;
		}

		location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
			expires max;
			log_not_found off;
		}

		#index
		index index.php index.html index.htm;

		#PHP
		location ~ \.php$ {
			fastcgi_index                   index.php;
			try_files                       $uri =404;
			fastcgi_split_path_info         ^(.+\.php)(/.+)$;
			include                         /etc/nginx/fastcgi_params;
			fastcgi_pass                    unix:/run/php7.0-fpm.sock;
			fastcgi_buffer_size             128k;
			fastcgi_buffers                 256     4k;
			fastcgi_busy_buffers_size       256k;
			fastcgi_temp_file_write_size    256k;
			fastcgi_read_timeout            240;
			fastcgi_param                   SCRIPT_FILENAME         $document_root$fastcgi_script_name;
			fastcgi_param                   SCRIPT_NAME             $fastcgi_script_name;
			fastcgi_intercept_errors        on;
			fastcgi_hide_header             X-Powered-By;
		}

		#security
		client_body_buffer_size             1k;
		client_header_buffer_size           1k;
		client_max_body_size                1k;
		large_client_header_buffers 2       1k;

		if ($request_method !~ ^(GET|HEAD|POST)$ )
		{
		return 444;
		}

		server_tokens                       off;
		add_header X-Frame-Options  "SAMEORIGIN";

		location ~ /\. {
		access_log      off;
		log_not_found   off;
		deny            all;
		}

		# deny access to .htaccess files, if Apache's document root
		# concurs with nginx's one

		location ~ /\.ht {
		deny  all;
		}

		location ~ /\.git {
			deny all;
		}

	}
}