Nginx
Supported
Only Nginx 1.10.3 on Debian Stretch is supported.
Other versions might work but are not tested.
Parameters and defaults
All configuration is to be placed inside the nginx dict.
# array of DNS resolvers; the defaults below are public resolvers
# NOTE(review): the nginx documentation recommends resolvers on a secured, trusted
# local network to prevent DNS spoofing - consider overriding these defaults
resolver:
- 8.8.8.8
- 8.8.4.4
# dict of "name: *upstreamconfig*" entries, see below for definition
upstreams: {}
# dict of "name: *vhostconfig*" entries, see the "vhosts:" section below for definition
vhosts: {}
# dict of "name: *mapsconfig*" entries, see below for definition
maps: {}
# dict of "name: *cacheconfig*" entries, see below for definition
caches: {}
# force all traffic on ssl, except letsencrypt challenges
force_ssl: True
# generate a self signed certificate as default ssl cert
# (clients cannot validate a self signed certificate, so it only suits the fallback
# default; vhosts serving real traffic need their own certificate, see the
# letsencrypt and key/crt vhost options)
snakeoil_default: False
# install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
# either "False", "True" or a dict *phpconfig*, see below for definition
php: False
# dict of ips to accept "X-Forwarded-~" headers from; the default trusts loopback only
# List only reverse proxies you operate: every address listed here is trusted to
# state the client IP, which then shows up wherever nginx uses the client address
# (for example logs and address-based access rules).
# NOTE(review): presumably rendered as nginx set_real_ip_from - confirm
real_ip_from: {"127.0.0.1": {}, "::1": {}}
# array of headers to add on *all* vhosts
# NOTE(review): if these are rendered as nginx add_header, a block that defines its
# own add_header does not inherit the ones from outer levels - confirm how this list
# combines with the per-vhost add_headers before relying on it for security headers
add_headers: []
upstreamconfig:
# array of upstream servers; each entry carries the keys shown below
server:
-
# can be "unix:/path/to/socket" or "foo.bar" or "foo.bar:443"
# (*mandatory* is a placeholder: this key has no default and must be set)
address: *mandatory*
# monitor dns for changes
# NOTE(review): presumably looked up through the resolvers configured under
# "resolver", so the upstream address is only as trustworthy as those - confirm
resolve: true
vhosts:
# array of server names, example: foo.bar
servername: []
# set this server as default
default_server: False
# listener settings: TLS and plain HTTP ports plus the IPv4 / IPv6 bind addresses
# NOTE(review): indentation is lost in this listing; the keys from "ssl" to "v6_ip"
# are presumably nested under "listen" - confirm
# The default bind addresses 0.0.0.0 and [::] listen on every interface.
listen:
ssl: True
ssl_port: 443
nossl: False
nossl_port: 80
v4: True
v4_ip:
- 0.0.0.0
v6: True
v6_ip:
- '[::]'
# example: "https://upstream". If set to None no reverse proxy will be set up.
backend: None
# sets ssl certs to letsencrypt paths and enable letsencrypt for this vhost
letsencrypt: False
# Array of custom config strings to add to the vhost config, the ";" is added after every entry
# NOTE(review): the strings presumably end up in the nginx config without validation,
# so fill this only from configuration data you control - confirm
custom: []
# array of locations, see *locationconfig* below
locations: [*locationconfig*, .. ]
# array of files to include at the server level
includes: []
# configure authentication, disabled by default. See *authconfig* below for definition
auth: *authconfig*
# array of headers to add on this vhost
add_headers: []
# SSL key, mutually exclusive with letsencrypt option
# NOTE(review): not stated whether this takes a file path or the key material itself;
# if it is the key, keep it in an encrypted secret store, not in plain-text config
key: ~
# SSL certificate, mutually exclusive with letsencrypt option
crt: ~
# Disallow access to dotfiles besides .well-known by default
# (keeps files such as .git, .env or .htpasswd inside a served directory from being
# downloaded; leave enabled unless a vhost really has to serve dotfiles)
disallow_dotfiles: True
locationconfig:
# a match definition, for example "/", see nginx documentation: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
match: ''
# an absolute unix path, only set if not none
# Keep trailing slashes consistent between "match" and "alias": with nginx alias a
# mismatch can make files outside the intended directory reachable.
alias: None
# Array of custom config strings to add to the location config, the ";" is added after every entry
# NOTE(review): the original comment says "vhost config" here as well; the strings
# presumably go into this location block without validation - confirm
custom: []
# name of the cache to use, only set if not none
# (presumably one of the names defined in the top-level "caches" dict - confirm)
cache: None
authconfig:
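# Boolean: enable authentication (disabled by default)
enable: False
# Path to a htpasswd file
# Keep the file outside any directory nginx serves and readable only by the nginx
# user and administrators; it holds the password hashes.
path: ''
# can be 'all' or 'any'
# 'all': a request has to pass every configured access check.
# 'any': passing a single check is enough, so an address-based allow rule lets a
# client in without a password.
# NOTE(review): semantics as for the nginx "satisfy" directive, which this is
# presumably rendered as - confirm
satisfy: 'all'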
mapsconfig:
See https://nginx.org/en/docs/http/ngx_http_map_module.html#map
# source variable name (the value that is looked up)
# NOTE(review): presumably the first argument of the nginx "map" directive - confirm
source: ''
# destination variable name (the variable that receives the mapped value)
destination: ''
# 'key: value' dict of values to map
data: {}
phpconfig:
# If set, fpm forks exactly the number of worker processes specified (pm=static, pm.max_children=COUNT)
fpm_process_count: 5
# php ini settings
# NOTE(review): indentation is lost in this listing; the two keys below are
# presumably nested under "ini" - confirm
ini:
# size limits for POST bodies and uploaded files; both default to 64M
# NOTE(review): nginx applies its own request body limit in front of PHP; this role's
# setting for it is not shown here
post_max_size: 64M
upload_max_filesize: 64M
cacheconfig:
# NOTE(review): the three keys below are undocumented in the original; the meanings
# given here are inferred from the nginx proxy_cache_path parameters - confirm
# presumably the size of the shared memory zone holding the cache keys (keys_zone)
keys_zone_size: "10m"
# presumably the upper bound for cached data on disk (max_size)
cache_size: "1g"
# presumably how long an entry may go unused before it is removed (inactive)
inactive_time: "10m"