Skip to content
Snippets Groups Projects
Select Git revision
  • 5b201a05cf44b0daeffc9f6ad7b68ea7188ded61
  • master default protected
  • feature/ratelimit
3 results

nginx

  • Clone with SSH
  • Clone with HTTPS
  • nd's avatar
    nd authored
    5b201a05
    History

    Nginx

    Supported

    Only Nginx 1.10.3 and Debian Stretch.

    Other versions might work but are not tested.

    Parameters and defaults

    All configuration is to be placed inside the nginx dict.

    #  array of DNS resolvers
    resolver:
      - 8.8.8.8
      - 8.8.4.4
    
    # name: *upstreamconfig*, see below for definition
    upstreams: {}
    
    # name: *vhostconfig*, see below for definition
    vhosts: {}
    
    # name: *mapsconfig*, see below for definition
    maps: {}
    
    # force all traffic on ssl, except letsencrypt challenges
    force_ssl: True
    
    # generate a self signed certificate as default ssl cert
    snakeoil_default: False
    
    # install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
    # either "False", "True" or a dict *phpconfig*, see below for definition
    php: False
    
    # dict of ips to accept "X-Forwarded-~" from
    real_ip_from: {"127.0.0.1": {}, "::1": {}}
    
    # array of headers to add on *all* vhosts
    add_headers: []
    

    upstreamconfig:

    # array of upstream servers
    server: 
      -
        # can be "unix:/path/to/socket" or "foo.bar" or "foo.bar:443"
        address: *mandatory*
    
        # monitor dns for changes
        resolve: true

    vhosts:

    # array of server names, example: foo.bar
    servername: []
    
    # set this server as default
    default_server: False
    
    listen:
    	ssl: True
    	ssl_port: 443
    	nossl: False
    	nossl_port: 80
    	v4: True
    	v4_ip:
    	  - 0.0.0.0
    	v6: True
    	v6_ip:
    	  - '[::]'
    
    # example: "https://upstream". If set to None no reverse proxy will be set up.
    backend: None
    
    # sets ssl certs to letsencrypt paths and enable letsencrypt for this vhost
    letsencrypt: False
    
    # Array of custom config strings to add to the vhost config, the ";" is added after every entry
    custom: []
    
    # array of locations, see below
    locations: [*locationconfig*, .. ]
    
    # array of files to include at the server level
    includes: []
    
    # configure authentication, disabled by default. See *authconfig* below for definition
    auth: *authconfig*
    
    # array of headers to add on this vhost
    add_headers: []
    
    # SSL key, mutally exclusive with letsencrypt option
    key: ~
    
    # SSL certificat, mutally exclusive with letsencrypt option
    crt: ~

    locationconfig:

    # a match definition, for example "/", see nginx docu: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
    match: ''
    
    # an absolut unix path, only set if not none
    alias: None
    
    # Array of custom config strings to add to the vhost config, the ";" is added after every entry
    custom: []

    authconfig

    # Boolean: enable authentication
    enabled: False
    
    # Path to a htpasswd file
    path :''
    
    # can be 'all' or 'any'
    satisfy: 'all

    mapsconfig:

    See https://nginx.org/en/docs/http/ngx_http_map_module.html#map

    # source variable name
    source: ''
    
    # destination variable name
    destination: ''
    
    # 'key: value' dict of values to map
    data: {}

    phpconfig:

    ini:
    	post_max_size: 64M
    	upload_max_filesize: 64M