91 lines
2.2 KiB
Django/Jinja
91 lines
2.2 KiB
Django/Jinja
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
|
|
{%- from "nginx/map.jinja" import nginx with context %}
|
|
|
|
{%- if nginx.config.geoip %}
|
|
load_module modules/ngx_http_geoip2_module.so;
|
|
{%- endif%}
|
|
|
|
user {{ nginx.config.user }};
|
|
|
|
worker_processes {{ nginx.config.workers }};
|
|
|
|
error_log /var/log/nginx/error.log;
|
|
error_log syslog:server=localhost:514 info;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
include access;
|
|
include fastcgi_params;
|
|
include proxy_params;
|
|
include mime.types;
|
|
include ssl_params;
|
|
charset utf-8;
|
|
|
|
{%- if nginx.config.geoip %}
|
|
geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb {
|
|
$geoip2_asn default=0 autonomous_system_number;
|
|
$geoip2_org default=ISP autonomous_system_organization;
|
|
}
|
|
|
|
geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
|
|
$geoip2_country_name default=England country names en;
|
|
$geoip2_city_name default=London city names en;
|
|
}
|
|
{%- endif %}
|
|
|
|
include sites-enabled/*;
|
|
|
|
log_format main '$http_x_forwarded_for - $remote_user [$time_iso8601] '
|
|
'"$request" $status $body_bytes_sent '
|
|
'"$http_referer" "$http_user_agent"';
|
|
|
|
access_log /var/log/nginx/$host.access.log main;
|
|
access_log syslog:server=localhost:514 main;
|
|
|
|
default_type application/octet-stream;
|
|
tcp_nodelay on;
|
|
sendfile on;
|
|
keepalive_timeout 60;
|
|
server_tokens off;
|
|
|
|
proxy_intercept_errors on;
|
|
fastcgi_intercept_errors on;
|
|
fastcgi_read_timeout 300;
|
|
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_min_length 1023;
|
|
gzip_proxied expired no-cache no-store private auth;
|
|
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
|
|
|
|
server {
|
|
listen {{ nginx.config.http_port }} default_server proxy_protocol;
|
|
listen [::]:{{ nginx.config.http_port }} default_server proxy_protocol;
|
|
|
|
listen {{ nginx.config.https_port }} default_server ssl http2 proxy_protocol;
|
|
listen [::]:{{ nginx.config.https_port }} default_server ssl http2 proxy_protocol;
|
|
|
|
root /var/www/html;
|
|
index index.html;
|
|
|
|
real_ip_header X-Forwarded-For;
|
|
set_real_ip_from 127.0.0.1;
|
|
set_real_ip_from ::1;
|
|
|
|
location = / {
|
|
return 404;
|
|
}
|
|
|
|
location = /status {
|
|
stub_status on;
|
|
access_log off;
|
|
allow 127.0.0.1;
|
|
allow ::1;
|
|
deny all;
|
|
}
|
|
}
|
|
}
|