paulbsd-salt/states/nginx/templates/nginx.conf.j2

## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
{%- from "nginx/map.jinja" import nginx with context %}

{%- if nginx.config.geoip %}
load_module modules/ngx_http_geoip2_module.so;
{%- endif%}
{%- if nginx.config.webdav %}
load_module modules/ngx_http_dav_ext_module.so;
{%- endif%}
{%- if nginx.config.lua %}
load_module modules/ndk_http_module.so;
load_module modules/ngx_http_lua_module.so;
{%- endif%}

user {{ nginx.config.user }};

worker_processes {{ nginx.config.workers }};

error_log /var/log/nginx/error.log;
error_log syslog:server=localhost:514 info;

events {
  worker_connections 1024;
}

http {
  include access;
  include fastcgi_params;
  include proxy_params;
  include mime.types;
  include ssl_params;
  charset utf-8;

  types_hash_bucket_size 256;
  types_hash_max_size    2048;

  real_ip_header proxy_protocol;
  set_real_ip_from 127.0.0.1;
  set_real_ip_from ::1;

  {%- if nginx.config.geoip %}
  geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb {
    $geoip2_asn default=0 autonomous_system_number;
    $geoip2_org default=ISP autonomous_system_organization;
  }

  geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
    $geoip2_country_name default=England country names en;
    $geoip2_city_name default=London city names en;
  }
  {%- endif %}

  include sites-enabled/*;

  log_format main '$http_x_forwarded_for - $remote_user [$time_iso8601] '
                  '"$request" $status $body_bytes_sent '
                  '"$http_referer" "$http_user_agent"';

  access_log /var/log/nginx/$host.access.log main;
  access_log syslog:server=localhost:514 main;

  default_type application/octet-stream;
  tcp_nodelay on;
  sendfile on;
  keepalive_timeout 60;
  server_tokens off;
  port_in_redirect off;

  proxy_intercept_errors on;
  fastcgi_intercept_errors on;
  fastcgi_read_timeout 300;

  gzip on;
  gzip_vary on;
  gzip_min_length 1023;
  gzip_proxied expired no-cache no-store private auth;
  gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;

  server {
    listen {{ nginx.config.http_port }} default_server;
    listen [::]:{{ nginx.config.http_port }} default_server;
    listen {{ nginx.config.http_proxy_port }} default_server proxy_protocol;
    listen [::]:{{ nginx.config.http_proxy_port }} default_server proxy_protocol;

    listen {{ nginx.config.https_port }} default_server ssl http2;
    listen [::]:{{ nginx.config.https_port }} default_server ssl http2;
    listen {{ nginx.config.https_proxy_port }} default_server ssl http2 proxy_protocol;
    listen [::]:{{ nginx.config.https_proxy_port }} default_server ssl http2 proxy_protocol;

    root /var/www/html;
    index index.html;

    location = / {
      return 404;
    }

    location = /status {
      stub_status on;
      access_log off;
      allow 127.0.0.1;
      allow ::1;
      deny all;
    }
  }
}
initial commit 2020-07-10 00:58:55 +02:00			`## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}`
updated nginx state 2022-10-10 10:19:42 +02:00			`{%- from "nginx/map.jinja" import nginx with context %}`
initial commit 2020-07-10 00:58:55 +02:00
updated nginx state 2022-10-10 10:19:42 +02:00			`{%- if nginx.config.geoip %}`
			`load_module modules/ngx_http_geoip2_module.so;`
			`{%- endif%}`
updated nginx state 2023-11-10 13:26:06 +01:00			`{%- if nginx.config.webdav %}`
			`load_module modules/ngx_http_dav_ext_module.so;`
			`{%- endif%}`
updated nginx state 2024-04-11 10:30:13 +02:00			`{%- if nginx.config.lua %}`
updated nginx state 2024-04-11 10:54:41 +02:00			`load_module modules/ndk_http_module.so;`
updated nginx state 2024-04-11 10:30:13 +02:00			`load_module modules/ngx_http_lua_module.so;`
			`{%- endif%}`
initial commit 2020-07-10 00:58:55 +02:00
updated nginx state 2022-10-10 10:19:42 +02:00			`user {{ nginx.config.user }};`
initial commit 2020-07-10 00:58:55 +02:00
updated nginx state 2022-10-10 10:19:42 +02:00			`worker_processes {{ nginx.config.workers }};`

			`error_log /var/log/nginx/error.log;`
			`error_log syslog:server=localhost:514 info;`
initial commit 2020-07-10 00:58:55 +02:00
			`events {`
			`worker_connections 1024;`
			`}`

			`http {`
updated nginx state 2023-03-10 00:05:57 +01:00			`include access;`
updated nginx state 2022-10-10 10:19:42 +02:00			`include fastcgi_params;`
			`include proxy_params;`
			`include mime.types;`
			`include ssl_params;`
			`charset utf-8;`

updated nginx state 2023-12-04 22:34:43 +01:00			`types_hash_bucket_size 256;`
			`types_hash_max_size 2048;`

updated nginx state 2023-06-06 09:24:24 +02:00			`real_ip_header proxy_protocol;`
			`set_real_ip_from 127.0.0.1;`
			`set_real_ip_from ::1;`

updated nginx state 2022-10-10 10:19:42 +02:00			`{%- if nginx.config.geoip %}`
updated nginx state 2024-05-15 13:32:58 +02:00			`geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb {`
updated nginx state 2022-10-10 10:19:42 +02:00			`$geoip2_asn default=0 autonomous_system_number;`
			`$geoip2_org default=ISP autonomous_system_organization;`
			`}`

updated nginx state 2024-05-15 13:32:58 +02:00			`geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {`
updated nginx state 2022-10-10 10:19:42 +02:00			`$geoip2_country_name default=England country names en;`
			`$geoip2_city_name default=London city names en;`
			`}`
			`{%- endif %}`

			`include sites-enabled/*;`
initial commit 2020-07-10 00:58:55 +02:00
updated nginx state 2022-10-10 10:19:42 +02:00			`log_format main '$http_x_forwarded_for - $remote_user [$time_iso8601] '`
			`'"$request" $status $body_bytes_sent '`
			`'"$http_referer" "$http_user_agent"';`
initial commit 2020-07-10 00:58:55 +02:00
updated nginx state 2022-10-10 10:19:42 +02:00			`access_log /var/log/nginx/$host.access.log main;`
			`access_log syslog:server=localhost:514 main;`
initial commit 2020-07-10 00:58:55 +02:00
updated nginx state 2022-10-10 10:19:42 +02:00			`default_type application/octet-stream;`
updated nginx state 2023-03-10 00:05:57 +01:00			`tcp_nodelay on;`
updated nginx state 2022-10-10 10:19:42 +02:00			`sendfile on;`
			`keepalive_timeout 60;`
			`server_tokens off;`
updated nginx state 2024-07-07 22:08:09 +02:00			`port_in_redirect off;`
* Update salt states - bl module updated - borg state updated - config state updated - netbox state updated - nginx state updated - misc updates 2022-02-21 13:52:46 +01:00
updated nginx state 2022-10-10 10:19:42 +02:00			`proxy_intercept_errors on;`
			`fastcgi_intercept_errors on;`
			`fastcgi_read_timeout 300;`
initial commit 2020-07-10 00:58:55 +02:00
updated nginx state 2022-10-10 10:19:42 +02:00			`gzip on;`
			`gzip_vary on;`
updated nginx state 2023-03-10 00:05:57 +01:00			`gzip_min_length 1023;`
updated nginx state 2022-10-10 10:19:42 +02:00			`gzip_proxied expired no-cache no-store private auth;`
			`gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;`
initial commit 2020-07-10 00:58:55 +02:00
			`server {`
updated nginx state 2024-01-03 13:29:16 +01:00			`listen {{ nginx.config.http_port }} default_server;`
			`listen [::]:{{ nginx.config.http_port }} default_server;`
			`listen {{ nginx.config.http_proxy_port }} default_server proxy_protocol;`
			`listen [::]:{{ nginx.config.http_proxy_port }} default_server proxy_protocol;`

			`listen {{ nginx.config.https_port }} default_server ssl http2;`
			`listen [::]:{{ nginx.config.https_port }} default_server ssl http2;`
			`listen {{ nginx.config.https_proxy_port }} default_server ssl http2 proxy_protocol;`
			`listen [::]:{{ nginx.config.https_proxy_port }} default_server ssl http2 proxy_protocol;`
initial commit 2020-07-10 00:58:55 +02:00
updated nginx state 2022-10-10 10:19:42 +02:00			`root /var/www/html;`
			`index index.html;`
initial commit 2020-07-10 00:58:55 +02:00
updated nginx state 2023-02-04 19:53:17 +01:00			`location = / {`
			`return 404;`
			`}`

			`location = /status {`
updated nginx state 2022-10-10 10:19:42 +02:00			`stub_status on;`
			`access_log off;`
			`allow 127.0.0.1;`
			`allow ::1;`
			`deny all;`
initial commit 2020-07-10 00:58:55 +02:00			`}`
			`}`
updated nginx state 2020-10-28 22:56:28 +01:00			`}`