yves
/
home-server
1
0
Fork 0
Code Issues 8 Pull Requests Releases Wiki Activity
home-server/roles/dmz_nginx/templates/10.conf.j2

63 lines
2.4 KiB
Django/Jinja
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 20182023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
client_body_temp_path /var/tmp/client_body_temp;
proxy_temp_path /var/tmp/proxy_temp;
fastcgi_temp_path /var/tmp/fastcgi_temp;
uwsgi_temp_path /var/tmp/uwsgi_temp;
#scgi_temp_path /var/tmp/scgi_temp;
client_max_body_size {{http_max_upload}};
gzip on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml;
index index.php index.html;
log_format proxy_log '$proxy_protocol_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
reset_timedout_connection on;
server_tokens off;
root {{http_root}};
# server for regular HTTP contents
server {
listen unix:/run/shared_sockets/http.pp proxy_protocol;
access_log /var/log/nginx/http_access.log proxy_log;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
set $proxy_scheme "http";
set $proxy_https "off";
set $proxy_port "80";
include inc.d/{{nickname}}_php-full.inc;
include inc.d/{{nickname}}_filters.inc;
include inc.d/*.http.inc;
}
# server for regular HTTPS contents
server {
listen unix:/run/shared_sockets/https.pp proxy_protocol;
access_log /var/log/nginx/https_access.log proxy_log;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
set $proxy_scheme "https";
set $proxy_https "on";
set $proxy_port "443";
include inc.d/{{nickname}}_php-full.inc;
include inc.d/{{nickname}}_filters.inc;
include inc.d/*.http.inc;
include inc.d/*.https.inc;
}
# server for privileged HTTPS contents
server {
listen unix:/run/shared_sockets/https+.pp proxy_protocol;
access_log /var/log/nginx/https_access.log proxy_log;
set_real_ip_from unix:;
real_ip_header proxy_protocol;
set $proxy_scheme "https";
set $proxy_https "on";
set $proxy_port "443";
include inc.d/{{nickname}}_php-full.inc;
include inc.d/*.http.inc;
include inc.d/*.https.inc;
}
Reference in New Issue View Git Blame Copy Permalink