Add main nginx configuration

Credits to https://github.com/h5bp/server-configs-nginx

Author: krenor

.editorconfig

@@ -13,7 +13,7 @@ insert_final_newline = true
 indent_style = space
 indent_size = 4
 
-[*.{js,json,yaml,yml}]
+[*.{conf,js,json,yaml,yml}]
 indent_style = space
 indent_size = 2
 

docker-compose.yml

@@ -4,7 +4,9 @@ services:
 
   ## Nginx Container ###########
   nginx:
-    build: ./nginx
+    build:
+      context: .
+      dockerfile: ./nginx/Dockerfile
     ports:
       - "8080:80"
     depends_on:

nginx/Dockerfile

@@ -3,8 +3,15 @@ FROM nginx:1.13-alpine
 RUN apk upgrade --update && \
     adduser -D -H -u 1000 -s /bin/sh www-data
 
+# Load main nginx configuration.
+COPY ./nginx/nginx.conf \
+     /etc/nginx/
+
+# Set default working directory.
 WORKDIR /var/www
 
+# Expose the ports inside the container itself.
 EXPOSE 80 443
 
-CMD ["nginx", "-g", "daemon off;"]
+# Start nginx.
+CMD ["nginx"]

nginx/nginx.conf

@@ -0,0 +1,161 @@
+# Run as a unique, less privileged user for security reasons.
+user www-data;
+
+# Sets the worker threads to the number of CPU cores available in the system for best performance.
+# Should be > the number of CPU cores.
+# Maximum number of connections = worker_processes * worker_connections.
+worker_processes auto;
+
+# Maximum number of open files per worker process.
+# Should be > worker_connections.
+worker_rlimit_nofile 4096;
+
+events {
+  # The maximum number of connections that each worker process can handle simultaneously.
+  # The appropriate setting depends on the size of the server and the nature of the traffic.
+  # Should be < worker_rlimit_nofile.
+  worker_connections 1024;
+}
+
+# The file storing the process ID of the main process.
+pid /run/nginx.pid;
+
+# Determines whether nginx should become a daemon.
+daemon off;
+
+http {
+  #------------------------------
+  # Basic
+  #------------------------------
+
+  # Hide nginx version information.
+  server_tokens off;
+
+  # Speed up file transfers by using sendfile() to copy directly
+  # between descriptors rather than using read()/write().
+  # For performance reasons, on FreeBSD systems w/ ZFS
+  # this option should be disabled as ZFS's ARC caches
+  # frequently used files in RAM by default.
+  sendfile on;
+
+  # Don't send out partial frames; this increases throughput
+  # since TCP frames are filled up before being sent out.
+  tcp_nopush on;
+
+  # Bypass Nagle Algorithm and send the data to the sockets buffer as soon as it’s available.
+  tcp_nodelay on;
+
+  # How long to allow each connection to stay idle.
+  # Longer values are better for each individual client, particularly for SSL,
+  # but means that worker connections are tied up longer.
+  keepalive_timeout 25s;
+
+  # Sets the maximum size of the types hash tables.
+  types_hash_max_size 2048;
+
+  # Specify MIME types for files.
+  include /etc/nginx/mime.types;
+
+  # Defines the default MIME type of a response.
+  default_type application/octet-stream;
+
+  #------------------------------
+  # Logging
+  #------------------------------
+
+  # Rich Elasticsearch/Kibana compatible JSON log format.
+  log_format main escape=json
+    '{'
+      '"time": "$time_iso8601",'
+      '"message": "$request",'
+      '"request":{'
+        '"headers":{'
+          '"accept": "$http_accept",'
+          '"content-type": "$content_type",'
+          '"referer": "$http_referer",'
+          '"user-agent": "$http_user_agent",'
+          '"x-forwarded-for": "$http_x_forwarded_for"'
+        '},'
+        '"host": "$host",'
+        '"url": "$request_uri",'
+        '"method": "$request_method",'
+        '"remote_address": "$remote_addr",'
+        '"remote_user": "$remote_user"'
+      '},'
+      '"response":{'
+        '"status": $status,'
+        '"content_length": $body_bytes_sent,'
+        '"response_time": $request_time'
+      '}'
+    '}';
+
+  # Log access to this file.
+  # This is only used when not overwritten on a server{} level.
+  access_log /dev/stdout main;
+
+  # Log errors to this file.
+  # This is only used when not overwritten on a server{} level.
+  error_log /dev/stderr;
+
+  #------------------------------
+  # Gzip
+  #------------------------------
+
+  # Enable gzip compression.
+  gzip on;
+
+  # Compression level (1-9).
+  # 5 is a perfect compromise between size and CPU usage, offering about
+  # 75% reduction for most ASCII files (almost identical to level 9).
+  gzip_comp_level 5;
+
+  # Don't compress anything that's already small and unlikely to shrink much
+  # if at all (the default is 20 bytes, which is bad as that usually leads to
+  # larger files after gzipping).
+  gzip_min_length 256;
+
+  # Compress data even for clients that are connecting via proxies,
+  # identified by the "Via" header (required for CloudFront).
+  gzip_proxied any;
+
+  # Tell proxies to cache both the gzipped and regular version of a resource
+  # whenever the client's Accept-Encoding capabilities header varies;
+  # Avoids the issue where a non-gzip capable client (which is extremely rare
+  # today) would display gibberish if their proxy gave them the gzipped version.
+  gzip_vary on;
+
+  # The minimum HTTP version of a request required to compress a response.
+  gzip_http_version 1.1;
+
+  # Compress all output labeled with one of the following MIME-types.
+  gzip_types
+    application/atom+xml
+    application/javascript
+    application/json
+    application/ld+json
+    application/manifest+json
+    application/rss+xml
+    application/vnd.geo+json
+    application/vnd.ms-fontobject
+    application/x-javascript
+    application/x-font-ttf
+    application/x-web-app-manifest+json
+    application/xhtml+xml
+    application/xml
+    font/opentype
+    image/bmp
+    image/svg+xml
+    image/x-icon
+    text/cache-manifest
+    text/css
+    text/plain
+    text/vcard
+    text/vnd.rim.location.xloc
+    text/vtt
+    text/x-component
+    text/x-cross-domain-policy;
+    #text/html is always compressed by gzip module.
+
+  # Load the individual server configurations.
+  include /etc/nginx/conf.d/*.conf;
+}