user {{ nginx_user }};
worker_processes {{ nginx_worker_processes }};
{% if nginx_log_backend == 'journald' %}
error_log syslog:server=unix:/dev/log,nohostname;
{% else %}
error_log /var/log/nginx/error.log;
{% endif %}
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

{% if nginx_forwarder and nginx_forwarder | length > 0 %}
# Load stream module for TCP/UDP proxying
load_module modules/ngx_stream_module.so;
{% endif %}

events {
    worker_connections {{ nginx_worker_connections }};
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

{% if nginx_log_backend == 'journald' %}
    access_log syslog:server=unix:/dev/log,nohostname main;
{% else %}
    access_log  /var/log/nginx/access.log  main;
{% endif %}

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    client_max_body_size {{ nginx_client_max_body_size }};

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/xml+rss application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;

    # SSL configuration
    ssl_protocols {{ nginx_ssl_protocols }};
    ssl_prefer_server_ciphers on;

    # Load modular configuration files from the conf.d directory
    include {{ nginx_conf_dir }}/*.conf;
}

{% if nginx_forwarder and nginx_forwarder | length > 0 %}
# Stream block for TCP/UDP proxying
stream {
    # Load stream configurations
    include {{ nginx_streams_dir }}/*.conf;
}
{% endif %}