user  ${username};
worker_processes  ${worker_processes};

pid        /var/run/nginx.pid;


events {
    worker_connections  ${worker_connections};
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    charset UTF-8;
    override_charset on;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  15;
    client_body_timeout 12;
    client_header_timeout 12;
    send_timeout 10;

    access_log off;
    error_log off;

    client_body_buffer_size 16K;
    client_header_buffer_size 4k;
    client_max_body_size 1M;
    large_client_header_buffers 4 8k;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # GDPR compatible IP smashinator 5000000
    map $remote_addr $ip_anonym1 {
        default 0.0.0;
        "~(?P<ip>(\d+)\.(\d+))\.(\d+)\.\d+" $ip;
        "~(?P<ip>[^:]+:[^:]+):" $ip;
    }
    map $remote_addr $ip_anonym2 {
        default .0.0;
        "~(?P<ip>(\d+)\.(\d+)\.(\d+))\.\d+" .0.0;
        "~(?P<ip>[^:]+:[^:]+):" ::;
    }
    map $ip_anonym1$ip_anonym2 $ip_anonymized {
        default 0.0.0.0;
        "~(?P<ip>.*)" $ip;
    }

    log_format gdpr '$ip_anonymized - $remote_user [$time_local] '
        '"$request" $status $body_bytes_sent '
        '"<stripped>" "$http_user_agent"';

    log_format anon_timing '[$time_local] $request_time $upstream_response_time "$request" $status';

    include /etc/nginx/sites/*;
}