worker_processes  auto;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    tcp_nopush     on;

    keepalive_timeout  65;

    server {
        listen 80;

        root /var/cache/pacman/aurto;

        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # gzip
        gzip on;
        gzip_types *;

        # IP detection
        set_real_ip_from  0.0.0.0/0;
        real_ip_header X-Forwarded-For;

        # Kick malicious clients sooner
        client_header_timeout 10s;
        client_body_timeout 10s;
        client_max_body_size 128k;
        reset_timedout_connection on;
        sendfile_max_chunk 1m;
        keepalive_timeout 65;

        # Ensure 403s respond with 404
        error_page 403 /dev/null;
    }
}