user nginx;
worker_processes 2;  # Set this equal to the number of CPU cores
events { worker_connections 1024; }
http {
    server_names_hash_bucket_size 64;
    types_hash_max_size 2048;
    server_tokens off;
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout  15;
    gzip on;
    gzip_comp_level 6;
    gzip_disable "msie6";
    gzip_min_length 150;
    gzip_proxied any;
    gzip_types text/plain text/xml text/css application/json application/javascript;
    gzip_vary on;
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=one:8m max_size=1000M inactive=60m;
    proxy_temp_path /var/tmp;
    client_max_body_size 20m;
    client_body_buffer_size 128k;

    ModSecurityEnabled on;
    ModSecurityConfig modsecurity.conf;

    upstream ghost_upstream {
        server 127.0.0.1:2368;
        keepalive 64;
    }

    server {  
    listen 80;
    server_name  slarker.me;
    return       301 https://designer.moe$request_uri;
    }

    server {  
    listen 443 ssl;
    server_name  designer.moe;

        ssl_certificate /opt/nginx/conf/designer.moe.crt;
        ssl_certificate_key /opt/nginx/conf/designer.moe.key;

        # Due to the SSLv3 POODLE vulnerability, it is excluded from the protocol list.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers RC4:HIGH:!MEDIUM:!aNULL:!MD5:!DH:!EDH;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE)$ ) { return 444; }
        if ($host != $server_name) {
            return 301 $scheme://$server_name$request_uri;
        }

        location ~* \.(db|hbs|conf)$  { deny all; }
        location ~ /\. { deny all; }
        location ~ ~$  { deny all; }

        # Uncomment this block if you wish to use your own files
        # instead of those auto-generated by Ghost blog
        # location ~ ^/(sitemap\.xml|robots\.txt|favicon\.ico)$ {
        #     root /var/www/designer.moe/public;
        #     access_log off;
        #     log_not_found off;
        # }

        # Static files served directly by Nginx
        location ~ ^/assets/(img|js|css|fonts)/  {
            root /var/www/designer.moe/content/themes/casper;
            expires 30d;
            access_log off;
        }

        location ~ ^/(img/|css/|lib/|vendor/|fonts/) {
            root /var/www/designer.moe/core/client/assets;
            expires 30d;
            access_log off;
        }

        location ~ ^/content/images/ {
            root /var/www/designer.moe;
            expires 30d;
            access_log off;
        }

        location ~ ^/(shared/|built/) {
            root /var/www/designer.moe/core;
            expires 30d;
            access_log off;
        }

        location / {

            proxy_pass http://ghost_upstream;
            proxy_redirect off;
            proxy_read_timeout 180s;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header Connection "";
            proxy_pass_header X-CSRF-TOKEN;
            proxy_http_version 1.1;
            proxy_cache one;
            proxy_cache_key "$scheme$host$request_uri";
            proxy_cache_valid 200 10m;
            proxy_cache_valid 404 1m;
            proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
            proxy_intercept_errors on;
            proxy_hide_header X-Powered-By;
        }

        location = /50x.html { root html; internal; }
        #error_page   404 /404.html;
        error_page   500 502 503 504  /50x.html;
    }
}