# Nginx

## Supported

Only Nginx 1.10.3 and Debian Stretch. Other versions might work but are not tested.

## Parameters and defaults

All configuration is to be placed inside the `nginx` dict.

```
# array of DNS resolvers
# nginx queries these over plain DNS; prefer resolvers reachable over a trusted network
resolver:
  - 8.8.8.8
  - 8.8.4.4
# name: *upstreamconfig*, see below for definition
upstreams: {}
# name: *vhostconfig*, see below for definition
vhosts: {}
# name: *mapsconfig*, see below for definition
maps: {}
# force all traffic on ssl, except letsencrypt challenges
force_ssl: True
# generate a self-signed certificate as default ssl cert
snakeoil_default: False
# install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
# either "False", "True" or a dict *phpconfig*, see below for definition
php: False
# dict of ips to accept "X-Forwarded-~" from
# only list reverse proxies you control: a listed address can set the client ip nginx sees
real_ip_from: {"127.0.0.1": {}, "::1": {}}
# array of headers to add on *all* vhosts
add_headers: []
```

**upstreamconfig**:

```
# array of upstream servers
server:
  -
    # can be "unix:/path/to/socket" or "foo.bar" or "foo.bar:443"
    address: *mandatory*
    # monitor dns for changes
    resolve: true
```

**vhosts**:

```
# array of server names, example: foo.bar
servername: []
# set this server as default
default_server: False
listen:
  ssl: True
  ssl_port: 443
  nossl: False
  nossl_port: 80
  v4: True
  v4_ip:
    - 0.0.0.0
  v6: True
  v6_ip:
    - '[::]'
# example: "https://upstream". If set to None no reverse proxy will be set up.
backend: None
# sets ssl certs to letsencrypt paths and enable letsencrypt for this vhost
letsencrypt: False
# Array of custom config strings to add to the vhost config, the ";" is added after every entry
custom: []
# array of locations, see below
locations: [*locationconfig*, .. ]
# array of files to include at the server level
includes: []
# configure authentication, disabled by default. See *authconfig* below for definition
auth: *authconfig*
# array of headers to add on this vhost
add_headers: []
# SSL key, mutually exclusive with letsencrypt option
key: ~
# SSL certificate, mutually exclusive with letsencrypt option
crt: ~
# Disallow access to dotfiles besides .well-known by default
disallow_dotfiles: True
```

**locationconfig**:

```
# a match definition, for example "/", see nginx docs: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
match: ''
# an absolute unix path, only set if not none
alias: None
# Array of custom config strings to add to the vhost config, the ";" is added after every entry
custom: []
```

**authconfig**:

```
# Boolean: enable authentication
enabled: False
# Path to an htpasswd file
path: ''
# can be 'all' or 'any'; per nginx's satisfy directive, 'all' requires address-based access rules and authentication to both pass, 'any' accepts either
satisfy: 'all'
# example: "https://upstream". If set to None no reverse proxy will be set up.
backend: None
```

**mapsconfig**:

See https://nginx.org/en/docs/http/ngx_http_map_module.html#map

```
# source variable name
source: ''
# destination variable name
destination: ''
# 'key: value' dict of values to map
data: {}
```

**phpconfig**:

```
# If set, fpm forks exactly the number of worker processes specified (pm=static, pm.max_children=COUNT)
fpm_process_count: 5
ini:
  post_max_size: 64M
  upload_max_filesize: 64M
```