D7 custom - decoupled upstreams & limit_zones

[arielsalvo]

Hi!

I've been working on some changes to your D7 branch that you may be interested in and I'd like to hear your feedback.

I started by decoupling the upstream blocks from nginx.conf and the apps config files as I needed to be able to host different applications on the same nginx server while using different backends for each.
I also decoupled the zones (limit_conn_zone, limit_req_zone and microcache zones) so nginx.conf need not be modified when adding or removing one; I need this flexibility to use fail2ban.
I added a blockips.conf file which I also need for fail2ban (but can be used independently of it, of course), as well as map_mobile_useragent.conf which implements the change for the fastcgi_cache_key you documented in https://gist.github.com/perusio/1326701.

Still needs a bit of updating in the documentation of the example vhost but, basically, to select a backend for a vhost you'd just set the variable $upstream_id to the upstream name.

I'm not particularly crazy about the "proxy 0.0.0.0/0;" in the ACLs but I haven't seen any other solution to blocking access to status pages while behind a proxy (maybe it should default to /32 instead to be consistent with the real_ip config).

I've only tested this with PHP 5.5.9-1ubuntu4.5 (fpm-fcgi) and nginx/1.7.7 on Ubuntu 14.04.1, and only with drupal.conf but everything seems to be working as it should.

Looking forward to hearing from you