# Nginx

## Supported

Only Nginx 1.10.3 and Debian Stretch.

Other versions might work but are not tested.

## Parameters and defaults


All configuration is to be placed inside the `nginx` dict.

```
#  array of DNS resolvers
resolver:
  - 8.8.8.8
  - 8.8.4.4

# name: *upstreamconfig*, see below for definition
upstreams: {}

# name: *vhostconfig*, see below for definition
vhosts: {}

# force all traffic on ssl, except letsencrypt challenges
force_ssl: True

# install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
# either "False", "True" or a dict *phpconfig*, see below for definition
php: False

# dict of ips to accept "X-Forwarded-~" from
real_ip_from: {"127.0.0.1": {}, "::1": {}}

```

**upstreamconfig**:
```
# array of upstream servers
server: 
  -
    # can be "unix:/path/to/socket" or "foo.bar" or "foo.bar:443"
    address: *mandatory*

    # monitor dns for changes
    resolve: true
```

**vhosts**:
```
# array of server names, example: foo.bar
servername: []

# set this server as default
default_server: False

listen:
	ssl: True
	ssl_port: 443
	nossl: False
	nossl_port: 80

# example: "https://upstream". If set to None no reverse proxy will be set up.
backend: None

# sets ssl certs to letsencrypt paths and enable letsencrypt for this vhost
letsencrypt: False

# Array of custom config strings to add to the vhost config, the ";" is added after every entry
custom: []

# array of locations, see below
locations: [*locationconfig*, .. ]
```

**locationconfig**:
```
# a match definition, for example "/", see nginx docu: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
match: ''

# an absolut unix path, only set if not none
alias: None
```

**phpconfog**:
```
ini:
	post_max_size: 64M
	upload_max_filesize: 64M
```