
nginx

  • Nginx

    Supported

    Only Nginx 1.10.3 and Debian Stretch.

    Other versions might work but are not tested.

    Parameters and defaults

    All configuration is to be placed inside the nginx dict.

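    # array of DNS resolvers; the defaults are Google Public DNS.
    # The nginx documentation recommends using resolvers on a secured, trusted
    # local network to prevent DNS spoofing.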
    resolver:
      - 8.8.8.8
      - 8.8.4.4
    
    # name: *upstreamconfig*, see below for definition
    upstreams: {}
    
    # name: *vhostconfig*, see below for definition
    vhosts: {}
    
    # name: *mapsconfig*, see below for definition
    maps: {}
    
    # name: *cacheconfig*, see below for definition
    caches: {}
    
    # force all traffic on ssl, except letsencrypt challenges
    force_ssl: True
    
    # generate a self-signed certificate as the default ssl cert
    snakeoil_default: False
    
    # install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
    # either "False", "True" or a dict *phpconfig*, see below for definition
    php: False
    
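    # dict of proxy IPs to accept "X-Forwarded-~" headers from.
    # List only reverse proxies you control: any address listed here is
    # trusted to supply the client IP.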
    real_ip_from: {"127.0.0.1": {}, "::1": {}}
    
    # array of headers to add on *all* vhosts
    add_headers: []
    

    upstreamconfig:

    # array of upstream servers
    server: 
      -
        # can be "unix:/path/to/socket" or "foo.bar" or "foo.bar:443"
        address: *mandatory*
    
        # monitor dns for changes
        resolve: true

    vhostconfig:

    # array of server names, example: foo.bar
    servername: []
    
    # set this server as default
    default_server: False
    
    listen:
      ssl: True
      ssl_port: 443
      nossl: False
      nossl_port: 80
      v4: True
      v4_ip:
        - 0.0.0.0
      v6: True
      v6_ip:
        - '[::]'
    
    # example: "https://upstream". If set to None no reverse proxy will be set up.
    backend: None
    
    # sets ssl certs to letsencrypt paths and enable letsencrypt for this vhost
    letsencrypt: False
    
    # Array of custom config strings to add to the vhost config, the ";" is added after every entry.
    # Entries are nginx directives, so only use values from trusted sources.
    custom: []
    
    # array of locations, see below
    locations: [*locationconfig*, .. ]
    
    # array of files to include at the server level
    includes: []
    
    # configure authentication, disabled by default. See *authconfig* below for definition
    auth: *authconfig*
    
    # array of headers to add on this vhost
    add_headers: []
    
    # SSL key, mutually exclusive with the letsencrypt option
    key: ~
    
    # SSL certificate, mutually exclusive with the letsencrypt option
    crt: ~
    
    # Disallow access to dotfiles besides .well-known by default
    disallow_dotfiles: True

    locationconfig:

    # a match definition, for example "/", see the nginx documentation: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
    match: ''
    
    # an absolute unix path, only set if not none
    alias: None
    
    # Array of custom config strings to add to the vhost config, the ";" is added after every entry
    custom: []
    
    # name of the cache to use, only set if not none
    cache: None

    authconfig:

    # Boolean: enable authentication
    enable: False
    
    # Path to an htpasswd file
    path: ''
    
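    # can be 'all' or 'any'; presumably passed to the nginx "satisfy" directive,
    # where 'any' allows a request as soon as one access check passes
    satisfy: 'all'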

    mapsconfig:

    See https://nginx.org/en/docs/http/ngx_http_map_module.html#map

    # source variable name
    source: ''
    
    # destination variable name
    destination: ''
    
    # 'key: value' dict of values to map
    data: {}

    phpconfig:

    # If set, fpm forks exactly the number of worker processes specified (pm=static, pm.max_children=COUNT)
    fpm_process_count: 5
    ini:
      post_max_size: 64M
      upload_max_filesize: 64M

    cacheconfig:

    keys_zone_size: "10m"
    cache_size: "1g"
    inactive_time: "10m"