templates/nginx.conf.j2

# nginx templates/nginx.conf.j2 - {{ ansible_managed }}
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0

user {{ nginx_username }};

pid {{ nginx_pid_file }};

worker_processes {{ nginx_conf_worker_processes }};

include {{ nginx_conf_dir }}/modules-enabled/*.conf;

events {
  worker_connections {{ nginx_conf_worker_connections }};
  multi_accept {{ nginx_conf_multi_accept }};
}

http {
  # Basic Settings
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;

  client_max_body_size {{ nginx_conf_client_max_body_size }};

  # MIME Types
  include {{ nginx_conf_dir }}/mime.types;
  # YAML has official MIME type defined: http://www.iana.org/assignments/media-types/media-types.xhtml
  # but many other websites (GitHub, etc.) use this type which displays YAML directly in the browser.
  types {
    text/yaml yaml yml;
  }
  default_type application/octet-stream;

  # SSL Settings
  # from https://ssl-config.mozilla.org/
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;

  ssl_dhparam {{ nginx_conf_dir }}/dhparam;

  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;

  # Logging Settings
  access_log {{ nginx_log_dir }}/access.log;
  error_log {{ nginx_log_dir }}/error.log;

  # gzip Settings
  gzip on;
  gzip_proxied any;
  gzip_types text/plain text/css text/javascript text/xml application/json application/javascript application/xml application/xml+rss;

  # include Configuration and Enabled Sites
  include {{ nginx_conf_dir }}/conf.d/*.conf;
  include {{ nginx_conf_dir }}/sites-enabled/*;
}