templates/nginx.conf.j2 - ansible/role/nginx - Gitiles

 # nginx templates/nginx.conf.j2 - {{ ansible_managed }}
 #
 # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
 # SPDX-License-Identifier: Apache-2.0

 user {{ nginx_username }};

 pid {{ nginx_pid_file }};

 worker_processes {{ nginx_conf_worker_processes }};

 include {{ nginx_conf_dir }}/modules-enabled/*.conf;

 events {
   worker_connections {{ nginx_conf_worker_connections }};
   multi_accept {{ nginx_conf_multi_accept }};
 }

 http {
   # Basic Settings
   sendfile on;
   tcp_nopush on;
   tcp_nodelay on;
   keepalive_timeout 65;
   types_hash_max_size 2048;

   client_max_body_size {{ nginx_conf_client_max_body_size }};

   # MIME Types
   include {{ nginx_conf_dir }}/mime.types;
   # YAML has official MIME type defined: http://www.iana.org/assignments/media-types/media-types.xhtml
   # but many other websites (GitHub, etc.) use this type which displays YAML directly in the browser.
   types {
     text/yaml yaml yml;
   }
   default_type application/octet-stream;

   # SSL Settings
   # from https://ssl-config.mozilla.org/
   ssl_session_cache   shared:SSL:10m;
   ssl_session_timeout 1d;
   ssl_session_tickets off;

   ssl_dhparam {{ nginx_conf_dir }}/dhparam;

   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
   ssl_prefer_server_ciphers off;

   # Logging Settings
   access_log {{ nginx_log_dir }}/access.log;
   error_log {{ nginx_log_dir }}/error.log;

   # gzip Settings
   gzip on;
   gzip_proxied any;
   gzip_types text/plain text/css text/javascript text/xml application/json application/javascript application/xml application/xml+rss;

   # include Configuration and Enabled Sites
   include {{ nginx_conf_dir }}/conf.d/*.conf;
   include {{ nginx_conf_dir }}/sites-enabled/*;
 }
	# nginx templates/nginx.conf.j2 - {{ ansible_managed }}
	#
	# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
	# SPDX-License-Identifier: Apache-2.0

	user {{ nginx_username }};

	pid {{ nginx_pid_file }};

	worker_processes {{ nginx_conf_worker_processes }};

	include {{ nginx_conf_dir }}/modules-enabled/*.conf;

	events {
	worker_connections {{ nginx_conf_worker_connections }};
	multi_accept {{ nginx_conf_multi_accept }};
	}

	http {
	# Basic Settings
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;

	client_max_body_size {{ nginx_conf_client_max_body_size }};

	# MIME Types
	include {{ nginx_conf_dir }}/mime.types;
	# YAML has official MIME type defined: http://www.iana.org/assignments/media-types/media-types.xhtml
	# but many other websites (GitHub, etc.) use this type which displays YAML directly in the browser.
	types {
	text/yaml yaml yml;
	}
	default_type application/octet-stream;

	# SSL Settings
	# from https://ssl-config.mozilla.org/
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 1d;
	ssl_session_tickets off;

	ssl_dhparam {{ nginx_conf_dir }}/dhparam;

	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
	ssl_prefer_server_ciphers off;

	# Logging Settings
	access_log {{ nginx_log_dir }}/access.log;
	error_log {{ nginx_log_dir }}/error.log;

	# gzip Settings
	gzip on;
	gzip_proxied any;
	gzip_types text/plain text/css text/javascript text/xml application/json application/javascript application/xml application/xml+rss;

	# include Configuration and Enabled Sites
	include {{ nginx_conf_dir }}/conf.d/*.conf;
	include {{ nginx_conf_dir }}/sites-enabled/*;
	}