# Nginx
|
|
|
|
## Supported
|
|
|
|
Only Nginx 1.10.3 and Debian Stretch.
|
|
|
|
Other versions might work but are not tested.
|
|
|
|
## Parameters and defaults
|
|
|
|
|
|
All configuration is to be placed inside the `nginx` dict.
|
|
|
|
```
|
|
# array of DNS resolvers (the nginx docs recommend resolvers on a trusted local network to prevent DNS spoofing)
|
|
resolver:
|
|
- 8.8.8.8
|
|
- 8.8.4.4
|
|
|
|
# name: *upstreamconfig*, see below for definition
|
|
upstreams: {}
|
|
|
|
# name: *vhostconfig*, see below for definition
|
|
vhosts: {}
|
|
|
|
# name: *mapsconfig*, see below for definition
|
|
maps: {}
|
|
|
|
# force all traffic on ssl, except letsencrypt challenges
|
|
force_ssl: True
|
|
|
|
# generate a self signed certificate as default ssl cert
|
|
snakeoil_default: False
|
|
|
|
# install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
|
|
# either "False", "True" or a dict *phpconfig*, see below for definition
|
|
php: False
|
|
|
|
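# dict of ips to accept "X-Forwarded-~" headers from; list only trusted proxies, since any address listed here can set the client IP that nginx sees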
|
|
real_ip_from: {"127.0.0.1": {}, "::1": {}}
|
|
|
|
# array of headers to add on *all* vhosts
|
|
add_headers: []
|
|
|
|
```
|
|
|
|
**upstreamconfig**:
|
|
```
|
|
# array of upstream servers
|
|
server:
|
|
-
|
|
# can be "unix:/path/to/socket" or "foo.bar" or "foo.bar:443"
|
|
address: *mandatory*
|
|
|
|
# monitor dns for changes
|
|
resolve: true
|
|
```
|
|
|
|
**vhosts**:
|
|
```
|
|
# array of server names, example: foo.bar
|
|
servername: []
|
|
|
|
# set this server as default
|
|
default_server: False
|
|
|
|
listen:
|
|
ssl: True
|
|
ssl_port: 443
|
|
nossl: False
|
|
nossl_port: 80
|
|
v4: True
|
|
v4_ip:
|
|
- 0.0.0.0
|
|
v6: True
|
|
v6_ip:
|
|
- '[::]'
|
|
|
|
# example: "https://upstream". If set to None no reverse proxy will be set up.
|
|
backend: None
|
|
|
|
# sets ssl certs to letsencrypt paths and enables letsencrypt for this vhost
|
|
letsencrypt: False
|
|
|
|
# Array of custom config strings to add to the vhost config, the ";" is added after every entry
|
|
custom: []
|
|
|
|
# array of locations, see below
|
|
locations: [*locationconfig*, .. ]
|
|
|
|
# array of files to include at the server level
|
|
includes: []
|
|
|
|
# configure authentication, disabled by default. See *authconfig* below for definition
|
|
auth: *authconfig*
|
|
|
|
# array of headers to add on this vhost
|
|
add_headers: []
|
|
|
|
# SSL key, mutually exclusive with letsencrypt option
|
|
key: ~
|
|
|
|
# SSL certificate, mutually exclusive with letsencrypt option
|
|
crt: ~
|
|
```
|
|
|
|
**locationconfig**:
|
|
```
|
|
# a match definition, for example "/", see the nginx docs: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
|
|
match: ''
|
|
|
|
# an absolute unix path, only set if not None
|
|
alias: None
|
|
|
|
# Array of custom config strings to add to the vhost config, the ";" is added after every entry
|
|
custom: []
|
|
```
|
|
|
|
**authconfig**:
|
|
```
|
|
# Boolean: enable authentication
|
|
enabled: False
|
|
|
|
# Path to a htpasswd file
|
|
path: ''
|
|
|
|
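# can be 'all' or 'any' (as in nginx's satisfy directive: with 'any' a request is allowed as soon as one access check passes, with 'all' every check must pass)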
|
|
satisfy: 'all'
|
|
|
|
# example: "https://upstream". If set to None no reverse proxy will be set up.
|
|
backend: None
|
|
```
|
|
|
|
**mapsconfig**:
|
|
|
|
See https://nginx.org/en/docs/http/ngx_http_map_module.html#map
|
|
|
|
```
|
|
# source variable name
|
|
source: ''
|
|
|
|
# destination variable name
|
|
destination: ''
|
|
|
|
# 'key: value' dict of values to map
|
|
data: {}
|
|
```
|
|
|
|
**phpconfig**:
|
|
```
|
|
ini:
|
|
post_max_size: 64M
|
|
upload_max_filesize: 64M
|
|
```
|