63 lines
2.4 KiB
Django/Jinja
63 lines
2.4 KiB
Django/Jinja
# The home-server project produces a multi-purpose setup using Ansible.
|
||
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
|
||
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
|
||
|
||
client_body_temp_path /var/tmp/client_body_temp;
|
||
proxy_temp_path /var/tmp/proxy_temp;
|
||
fastcgi_temp_path /var/tmp/fastcgi_temp;
|
||
uwsgi_temp_path /var/tmp/uwsgi_temp;
|
||
#scgi_temp_path /var/tmp/scgi_temp;
|
||
client_max_body_size {{http_max_upload}};
|
||
gzip on;
|
||
gzip_comp_level 6;
|
||
gzip_proxied any;
|
||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/javascript text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/xml;
|
||
index index.php index.html;
|
||
log_format proxy_log '$proxy_protocol_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
|
||
reset_timedout_connection on;
|
||
server_tokens off;
|
||
root {{http_root}};
|
||
|
||
# server for regular HTTP contents
|
||
server {
|
||
listen unix:/run/shared_sockets/http.pp proxy_protocol;
|
||
access_log /var/log/nginx/http_access.log proxy_log;
|
||
set_real_ip_from unix:;
|
||
real_ip_header proxy_protocol;
|
||
set $proxy_scheme "http";
|
||
set $proxy_https "off";
|
||
set $proxy_port "80";
|
||
include inc.d/{{nickname}}_php-full.inc;
|
||
include inc.d/{{nickname}}_filters.inc;
|
||
include inc.d/*.http.inc;
|
||
}
|
||
|
||
# server for regular HTTPS contents
|
||
server {
|
||
listen unix:/run/shared_sockets/https.pp proxy_protocol;
|
||
access_log /var/log/nginx/https_access.log proxy_log;
|
||
set_real_ip_from unix:;
|
||
real_ip_header proxy_protocol;
|
||
set $proxy_scheme "https";
|
||
set $proxy_https "on";
|
||
set $proxy_port "443";
|
||
include inc.d/{{nickname}}_php-full.inc;
|
||
include inc.d/{{nickname}}_filters.inc;
|
||
include inc.d/*.http.inc;
|
||
include inc.d/*.https.inc;
|
||
}
|
||
|
||
# server for privileged HTTPS contents
|
||
server {
|
||
listen unix:/run/shared_sockets/https+.pp proxy_protocol;
|
||
access_log /var/log/nginx/https_access.log proxy_log;
|
||
set_real_ip_from unix:;
|
||
real_ip_header proxy_protocol;
|
||
set $proxy_scheme "https";
|
||
set $proxy_https "on";
|
||
set $proxy_port "443";
|
||
include inc.d/{{nickname}}_php-full.inc;
|
||
include inc.d/*.http.inc;
|
||
include inc.d/*.https.inc;
|
||
}
|