| #/* |
| # * Copyright (c) 2012 Adobe Systems Incorporated. All rights reserved. |
| # * |
| # * Permission is hereby granted, free of charge, to any person obtaining a |
| # * copy of this software and associated documentation files (the "Software"), |
| # * to deal in the Software without restriction, including without limitation |
| # * the rights to use, copy, modify, merge, publish, distribute, sublicense, |
| # * and/or sell copies of the Software, and to permit persons to whom the |
| # * Software is furnished to do so, subject to the following conditions: |
| # * |
| # * The above copyright notice and this permission notice shall be included in |
| # * all copies or substantial portions of the Software. |
| # * |
| # * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
| # * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| # * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
| # * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
| # * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
| # * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER |
| # * DEALINGS IN THE SOFTWARE. |
| # * |
| # */ |
| include /etc/api-gateway/naxsi_core.rules; |
| |
| |
| server_names_hash_bucket_size 128; |
| |
| # Sendfile copies data between one FD and other from within the kernel. |
| # More efficient than read() + write(), since the requires transferring data to and from the user space. |
| sendfile on; |
| |
| # Tcp_nopush causes nginx to attempt to send its HTTP response head in one packet, |
| # instead of using partial frames. This is useful for prepending headers before calling sendfile, |
| # or for throughput optimization. |
| tcp_nopush on; |
| |
| # Caches information about open FDs, freqently accessed files. |
| open_file_cache max=200000 inactive=20s; |
| open_file_cache_valid 30s; |
| open_file_cache_min_uses 2; |
| open_file_cache_errors on; |
| |
| # allow the server to close the connection after a client stops responding. Frees up socket-associated memory. |
| reset_timedout_connection on; |
| |
| #gzip on; |
| |
| |
| # be prepared to load any custom lua scripts from /etc/api-gateway/scripts |
| lua_package_path '/etc/api-gateway/scripts/lua/?.lua;;'; |
| init_worker_by_lua_file /etc/api-gateway/scripts/lua/api_gateway_init.lua; |
| |
| lua_shared_dict cachedkeys 50m; # caches api-keys |
| lua_shared_dict cachedOauthTokens 50m; # caches OAuth tokens |
| lua_shared_dict cachedUserProfiles 50m; # caches user profiles |
| lua_shared_dict healthcheck_redis 1m; # used by lua health_check for redis cache |