## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }} {%- from "nginx/map.jinja" import nginx with context %} {%- if nginx.config.geoip %} load_module modules/ngx_http_geoip2_module.so; {%- endif%} user {{ nginx.config.user }}; worker_processes {{ nginx.config.workers }}; error_log /var/log/nginx/error.log; error_log syslog:server=localhost:514 info; events { worker_connections 1024; } http { include access; include fastcgi_params; include proxy_params; include mime.types; include ssl_params; charset utf-8; {%- if nginx.config.geoip %} geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb { $geoip2_asn default=0 autonomous_system_number; $geoip2_org default=ISP autonomous_system_organization; } geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { $geoip2_country_name default=England country names en; $geoip2_city_name default=London city names en; } {%- endif %} include sites-enabled/*; log_format main '$http_x_forwarded_for - $remote_user [$time_iso8601] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; access_log /var/log/nginx/$host.access.log main; access_log syslog:server=localhost:514 main; default_type application/octet-stream; tcp_nodelay on; sendfile on; keepalive_timeout 60; server_tokens off; proxy_intercept_errors on; fastcgi_intercept_errors on; fastcgi_read_timeout 300; gzip on; gzip_vary on; gzip_min_length 1023; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml; server { listen {{ nginx.config.http_port }} default_server proxy_protocol; listen [::]:{{ nginx.config.http_port }} default_server proxy_protocol; listen {{ nginx.config.https_port }} default_server ssl http2 proxy_protocol; listen [::]:{{ nginx.config.https_port }} default_server ssl http2 proxy_protocol; root /var/www/html; index index.html; real_ip_header X-Forwarded-For; set_real_ip_from 127.0.0.1; set_real_ip_from ::1; location = / { return 404; } location = /status { stub_status on; access_log off; allow 127.0.0.1; allow ::1; deny all; } } }