Nginx
Supported
Only Nginx 1.10.3 and Debian Stretch.
Other versions might work but are not tested.
Parameters and defaults
All configuration is to be placed inside the nginx
dict.
# array of DNS resolvers
resolver:
- 8.8.8.8
- 8.8.4.4
# name: *upstreamconfig*, see below for definition
upstreams: {}
# name: *vhostconfig*, see below for definition
vhosts: {}
# name: *mapsconfig*, see below for definition
maps: {}
# force all traffic on ssl, except letsencrypt challenges
force_ssl: True
# generate a self signed certificate as default ssl cert
snakeoil_default: False
# install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
# either "False", "True" or a dict *phpconfig*, see below for definition
php: False
# dict of ips to accept "X-Forwarded-~" from
real_ip_from: {"127.0.0.1": {}, "::1": {}}
# array of headers to add on *all* vhosts
add_headers: []
upstreamconfig:
# array of upstream servers
server:
-
# can be "unix:/path/to/socket" or "foo.bar" or "foo.bar:443"
address: *mandatory*
# monitor dns for changes
resolve: true
vhosts:
# array of server names, example: foo.bar
servername: []
# set this server as default
default_server: False
listen:
ssl: True
ssl_port: 443
nossl: False
nossl_port: 80
v4: True
v4_ip:
- 0.0.0.0
v6: True
v6_ip:
- '[::]'
# example: "https://upstream". If set to None no reverse proxy will be set up.
backend: None
# sets ssl certs to letsencrypt paths and enable letsencrypt for this vhost
letsencrypt: False
# Array of custom config strings to add to the vhost config, the ";" is added after every entry
custom: []
# array of locations, see below
locations: [*locationconfig*, .. ]
# array of files to include at the server level
includes: []
# configure authentication, disabled by default. See *authconfig* below for definition
auth: *authconfig*
# array of headers to add on this vhost
add_headers: []
# SSL key, mutally exclusive with letsencrypt option
key: ~
# SSL certificat, mutally exclusive with letsencrypt option
crt: ~
locationconfig:
# a match definition, for example "/", see nginx docu: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
match: ''
# an absolut unix path, only set if not none
alias: None
# Array of custom config strings to add to the vhost config, the ";" is added after every entry
custom: []
authconfig
# Boolean: enable authentication
enabled: False
# Path to a htpasswd file
path :''
# can be 'all' or 'any'
satisfy: 'all
mapsconfig:
See https://nginx.org/en/docs/http/ngx_http_map_module.html#map
# source variable name
source: ''
# destination variable name
destination: ''
# 'key: value' dict of values to map
data: {}
phpconfig:
ini:
post_max_size: 64M
upload_max_filesize: 64M