user nobody;
pid /var/run/nginx.pid;

worker_processes auto;
worker_rlimit_nofile 100000;

events {
	worker_connections 9000;
	multi_accept on;
}

http {
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;

	server_tokens off;
	server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	# reset timed out connections freeing ram
	reset_timedout_connection on;
	# maximum time between packets the client can pause when sending nginx any data
	client_body_timeout 10s;
	# maximum time the client has to send the entire header to nginx
	client_header_timeout 10s;
	# timeout which a single keep-alive client connection will stay open
	keepalive_timeout 69s;
	# maximum time between packets nginx is allowed to pause when sending the client data
	send_timeout 69s;

	# number of requests per connection, does not affect SPDY
	keepalive_requests 1337;

	# enable gzip compression
	gzip on;
	gzip_vary on;
	gzip_comp_level 6;
	gzip_min_length 1000;
	gzip_proxied expired no-cache no-store private auth;
	# text/html is always compressed by gzip module
	gzip_types application/javascript application/json application/ld+json application/manifest+json application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard;

	# limit request body size
	client_max_body_size 10m;

	# proxy cache
	proxy_cache off;
	proxy_cache_path /var/cache/nginx keys_zone=cache:20m levels=1:2 inactive=600s max_size=500m;
	types_hash_max_size 2048;

	# exempt localhost from rate limit
	geo $limited_ip {
		default		1;
		127.0.0.1	0;
	}
	map $limited_ip $limited_ip_key {
		1 $binary_remote_addr;
		0 '';
	}

	# rate limit requests
	limit_req_zone $limited_ip_key zone=api:5m rate=200r/m;
	limit_req_zone $limited_ip_key zone=electrs:5m rate=2000r/m;
	limit_req_status 429;

	# rate limit connections
	limit_conn_zone $limited_ip_key zone=websocket:10m;
	limit_conn_status 429;

	map $http_accept_language $header_lang {
		default en-US;
		~*^en-US en-US;
		~*^en en-US;
	        ~*^ar ar;
	        ~*^ca ca;
	        ~*^cs cs;
	        ~*^de de;
	        ~*^es es;
	        ~*^fa fa;
	        ~*^fr fr;
	        ~*^ko ko;
	        ~*^it it;
	        ~*^he he;
	        ~*^ka ka;
	        ~*^hu hu;
	        ~*^mk mk;
	        ~*^nl nl;
	        ~*^ja ja;
	        ~*^nb nb;
	        ~*^pl pl;
	        ~*^pt pt;
	        ~*^ro ro;
	        ~*^ru ru;
	        ~*^sl sl;
	        ~*^fi fi;
	        ~*^sv sv;
	        ~*^th th;
	        ~*^tr tr;
	        ~*^uk uk;
	        ~*^vi vi;
	        ~*^zh zh;
	        ~*^hi hi;
	}

	map $cookie_lang $lang {
		default $header_lang;
		~*^en-US en-US;
		~*^en en-US;
	        ~*^ar ar;
	        ~*^ca ca;
	        ~*^cs cs;
	        ~*^de de;
	        ~*^es es;
	        ~*^fa fa;
	        ~*^fr fr;
	        ~*^ko ko;
	        ~*^it it;
	        ~*^he he;
	        ~*^ka ka;
	        ~*^hu hu;
	        ~*^mk mk;
	        ~*^nl nl;
	        ~*^ja ja;
	        ~*^nb nb;
	        ~*^pl pl;
	        ~*^pt pt;
	        ~*^ro ro;
	        ~*^ru ru;
	        ~*^sl sl;
	        ~*^fi fi;
	        ~*^sv sv;
	        ~*^th th;
	        ~*^tr tr;
	        ~*^uk uk;
	        ~*^vi vi;
	        ~*^zh zh;
	        ~*^hi hi;
	}

	server {
		listen 127.0.0.1:80;
		include /etc/nginx/nginx-mempool.conf;
	}
}