
  1. ---
  2. # Enable creating dynamic templated NGINX HTML demo websites.
  3. nginx_html_demo_template_enable: false
  4. nginx_html_demo_template:
  5. default:
  6. template_file: www/index.html.j2
  7. html_file_name: index.html
  8. html_file_location: /usr/share/nginx/html
  9. web_server_name: Default
  10. # Enable creating dynamic templated NGINX configuration files.
  11. # Defaults are the values found in a fresh NGINX installation.
  12. nginx_main_template_enable: false
  13. nginx_main_template:
  14. template_file: nginx.conf.j2
  15. conf_file_name: nginx.conf
  16. conf_file_location: /etc/nginx/
  17. custom_options:
  18. - "include /etc/nginx/modules-enabled/*.conf"
  19. user: www-data
  20. worker_processes: auto
  21. # worker_rlimit_nofile: 1024
  22. error_log:
  23. location: /var/log/nginx/error.log
  24. level: warn
  25. events_custom_options:
  26. - "multi_accept on"
  27. worker_connections: 1024
  28. http_enable: true
  29. http_settings:
  30. access_log_format:
  31. - name: main
  32. format: |-
  33. '$remote_addr - $remote_user [$time_local] "$request" '
  34. '$status $body_bytes_sent "$http_referer" '
  35. '"$http_user_agent" "$http_x_forwarded_for"'
  36. access_log_location:
  37. - name: main
  38. location: /var/log/nginx/access.log
  39. gzip: true
  40. tcp_nopush: true
  41. # tcp_nodelay: true
  42. keepalive_timeout: 65
  43. cache: false
  44. rate_limit: false
  45. keyval: false
  46. server_tokens: "off"
  47. http_custom_options:
  48. - "ssl_protocols TLSv1.2"
  49. - "ssl_ciphers EECDH+AESGCM:EDH+AESGCM"
  50. - "ssl_prefer_server_ciphers on"
  51. http_global_autoindex: false
  52. sub_filter:
  53. # sub_filters: []
  54. last_modified: "off"
  55. once: "on"
  56. types: "text/html"
  57. # http_custom_options: []
  58. stream_enable: false
  59. # stream_custom_options: []
  60. # auth_request_http: /auth
  61. # auth_request_set_http:
  62. # name: $auth_user
  63. # value: $upstream_http_x_user
  64. # Enable creating dynamic templated NGINX HTTP configuration files.
  65. # Defaults will not produce a valid configuration. Instead they are meant to showcase
  66. # the options available for templating. Each key represents a new configuration file.
  67. nginx_http_template_enable: false
  68. nginx_http_template:
  69. default:
  70. template_file: http/default.conf.j2
  71. conf_file_name: default.conf
  72. conf_file_location: /etc/nginx/conf.d/
  73. servers:
  74. server1:
  75. listen:
  76. listen_localhost:
  77. ip: localhost # Wrap in square brackets for IPv6 addresses
  78. port: 8081
  79. ssl: true
  80. opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
  81. server_name: localhost
  82. include_files: []
  83. error_page: /usr/share/nginx/html
  84. access_log:
  85. - name: main
  86. location: /var/log/nginx/access.log
  87. error_log:
  88. location: /var/log/nginx/error.log
  89. level: warn
  90. root: /usr/share/nginx/html
  91. # https_redirect: $host
  92. autoindex: false
  93. auth_basic: null
  94. auth_basic_user_file: null
  95. try_files: $uri $uri/index.html $uri.html =404
  96. # auth_request: /auth
  97. # auth_request_set:
  98. # name: $auth_user
  99. # value: $upstream_http_x_user
  100. client_max_body_size: 1m
  101. proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
  102. add_headers:
  103. strict_transport_security:
  104. name: Strict-Transport-Security
  105. value: max-age=15768000; includeSubDomains
  106. always: true
  107. # header_name:
  108. # name: Header-X
  109. # value: Value-X
  110. # always: false
  111. ssl:
  112. cert: /etc/ssl/certs/default.crt
  113. key: /etc/ssl/private/default.key
  114. dhparam: /etc/ssl/private/dh_param.pem
  115. protocols: TLSv1 TLSv1.1 TLSv1.2
  116. ciphers: HIGH:!aNULL:!MD5
  117. prefer_server_ciphers: true
  118. session_cache: none
  119. session_timeout: 5m
  120. disable_session_tickets: false
  121. trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
  122. stapling: true
  123. stapling_verify: true
  124. sub_filter:
  125. # sub_filters: []
  126. last_modified: "off"
  127. once: "on"
  128. types: "text/html"
  129. # custom_options: []
  130. web_server:
  131. locations:
  132. default:
  133. location: /
  134. include_files: []
  135. proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
  136. add_headers:
  137. strict_transport_security:
  138. name: Strict-Transport-Security
  139. value: max-age=15768000; includeSubDomains
  140. always: true
  141. # header_name:
  142. # name: Header-X
  143. # value: Value-X
  144. # always: false
  145. html_file_location: /usr/share/nginx/html
  146. html_file_name: index.html
  147. autoindex: false
  148. auth_basic: null
  149. auth_basic_user_file: null
  150. try_files: $uri $uri/index.html $uri.html =404
  151. # auth_request: /auth
  152. # auth_request_set:
  153. # name: $auth_user
  154. # value: $upstream_http_x_user
  155. client_max_body_size: 1m
  156. # returns:
  157. # return302:
  158. # code: 302
  159. # url: https://sso.somehost.local/?url=https://$http_host$request_uri
  160. sub_filter:
  161. # sub_filters: []
  162. last_modified: "off"
  163. once: "on"
  164. types: "text/html"
  165. # custom_options: []
  166. http_demo_conf: false
  167. reverse_proxy:
  168. locations:
  169. backend:
  170. location: /
  171. include_files: []
  172. proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
  173. add_headers:
  174. strict_transport_security:
  175. name: Strict-Transport-Security
  176. value: max-age=15768000; includeSubDomains
  177. always: true
  178. # header_name:
  179. # name: Header-X
  180. # value: Value-X
  181. # always: false
  182. proxy_connect_timeout: null
  183. proxy_pass: http://backend
  184. # rewrites:
  185. # - /foo(.*) /$1 break
  186. # proxy_pass_request_body: off
  187. # allows:
  188. # - 192.168.1.0/24
  189. # denies:
  190. # - all
  191. proxy_set_header:
  192. header_host:
  193. name: Host
  194. value: $host
  195. header_x_real_ip:
  196. name: X-Real-IP
  197. value: $remote_addr
  198. header_x_forwarded_for:
  199. name: X-Forwarded-For
  200. value: $proxy_add_x_forwarded_for
  201. header_x_forwarded_proto:
  202. name: X-Forwarded-Proto
  203. value: $scheme
  204. # header_upgrade:
  205. # name: Upgrade
  206. # value: $http_upgrade
  207. # header_connection:
  208. # name: Connection
  209. # value: "Upgrade"
  210. # header_random:
  211. # name: RandomName
  212. # value: RandomValue
  213. # internal: false
  214. # proxy_store: off
  215. # proxy_store_acccess: user:rw
  216. proxy_read_timeout: null
  217. proxy_send_timeout: null
  218. proxy_ssl:
  219. cert: /etc/ssl/certs/proxy_default.crt
  220. key: /etc/ssl/private/proxy_default.key
  221. trusted_cert: /etc/ssl/certs/proxy_ca.crt
  222. protocols: TLSv1 TLSv1.1 TLSv1.2
  223. ciphers: HIGH:!aNULL:!MD5
  224. verify: false
  225. verify_depth: 1
  226. session_reuse: true
  227. proxy_cache: backend_proxy_cache
  228. proxy_cache_valid:
  229. - code: 200
  230. time: 10m
  231. - code: 301
  232. time: 1m
  233. proxy_temp_path:
  234. path: /var/cache/nginx/proxy/backend/temp
  235. proxy_cache_lock: false
  236. proxy_cache_min_uses: 3
  237. proxy_cache_revalidate: false
  238. proxy_cache_use_stale:
  239. - http_403
  240. - http_404
  241. proxy_ignore_headers:
  242. - Vary
  243. - Cache-Control
  244. proxy_cookie_path:
  245. path: /web/
  246. replacement: /
  247. proxy_buffering: false
  248. proxy_http_version: 1.0
  249. websocket: false
  250. auth_basic: null
  251. auth_basic_user_file: null
  252. try_files: $uri $uri/index.html $uri.html =404
  253. # auth_request: /auth
  254. # auth_request_set:
  255. # name: $auth_user
  256. # value: $upstream_http_x_user
  257. # returns:
  258. # return302:
  259. # code: 302
  260. # url: https://sso.somehost.local/?url=https://$http_host$request_uri
  261. sub_filter:
  262. # sub_filters: []
  263. last_modified: "off"
  264. once: "on"
  265. types: "text/html"
  266. # custom_options: []
  267. health_check_plus: false
  268. returns:
  269. return301:
  270. location: /
  271. code: 301
  272. value: http://$host$request_uri
  273. proxy_cache:
  274. proxy_cache_path:
  275. - path: /var/cache/nginx/proxy/backend
  276. keys_zone:
  277. name: backend_proxy_cache
  278. size: 10m
  279. levels: "1:2"
  280. max_size: 10g
  281. inactive: 60m
  282. use_temp_path: true
  283. proxy_temp_path:
  284. path: /var/cache/nginx/proxy/temp
  285. proxy_cache_valid:
  286. - code: 200
  287. time: 10m
  288. - code: 301
  289. time: 1m
  290. proxy_cache_lock: true
  291. proxy_cache_min_uses: 5
  292. proxy_cache_revalidate: true
  293. proxy_cache_use_stale:
  294. - error
  295. - timeout
  296. proxy_ignore_headers:
  297. - Expires
  298. upstreams:
  299. upstream1:
  300. name: backend
  301. lb_method: least_conn
  302. zone_name: backend_mem_zone
  303. zone_size: 64k
  304. servers:
  305. server1:
  306. address: localhost
  307. port: 8081
  308. weight: 1
  309. health_check: max_fails=1 fail_timeout=10s
  310. # custom_options: []
  311. # custom_options: []
  312. # Enable NGINX status data.
  313. # Will enable 'stub_status'
  314. # Default is false.
  315. nginx_status_enable: false
  316. nginx_status_location: /etc/nginx/conf.d/stub_status.conf
  317. nginx_status_port: 80
  318. # Enable creating dynamic templated NGINX stream configuration files.
  319. # Defaults will not produce a valid configuration. Instead they are meant to showcase
  320. # the options available for templating. Each key represents a new configuration file.
  321. nginx_stream_template_enable: false
  322. nginx_stream_template:
  323. default:
  324. template_file: stream/default.conf.j2
  325. conf_file_name: default.conf
  326. conf_file_location: /etc/nginx/conf.d/stream/
  327. network_streams:
  328. default:
  329. listen_address: localhost
  330. listen_port: 80
  331. udp_enable: false
  332. include_files: []
  333. proxy_pass: backend
  334. proxy_timeout: 3s
  335. proxy_connect_timeout: 1s
  336. proxy_protocol: false
  337. proxy_ssl:
  338. cert: /etc/ssl/certs/proxy_default.crt
  339. key: /etc/ssl/private/proxy_default.key
  340. trusted_cert: /etc/ssl/certs/proxy_ca.crt
  341. protocols: TLSv1 TLSv1.1 TLSv1.2
  342. ciphers: HIGH:!aNULL:!MD5
  343. verify: false
  344. verify_depth: 1
  345. session_reuse: true
  346. health_check_plus: false
  347. # custom_options: []
  348. upstreams:
  349. upstream1:
  350. name: backend
  351. lb_method: least_conn
  352. zone_name: backend
  353. zone_size: 64k
  354. servers:
  355. server1:
  356. address: localhost
  357. port: 8080
  358. weight: 1
  359. health_check: max_fails=1 fail_timeout=10s
  360. # custom_options: []
  361. # custom_options: []