Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame^] | 1 | # nginx templates/nginx.conf.j2 - {{ ansible_managed }} |
| 2 | # |
| 3 | # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| 4 | # SPDX-License-Identifier: Apache-2.0 |
| 5 | |
# Account the worker processes run as.
# NOTE(review): this should be a dedicated unprivileged account - confirm the
# role default for nginx_username.
user {{ nginx_username }};

# File in which the master process records its PID.
pid {{ nginx_pid_file }};

# Number of worker processes to start.
worker_processes {{ nginx_conf_worker_processes }};

# Pull in every *.conf file from modules-enabled. Anything dropped into that
# directory is parsed at start-up, so it should be writable by root only.
include {{ nginx_conf_dir }}/modules-enabled/*.conf;
| 13 | |
events {
    # Upper bound on simultaneous connections handled by one worker process.
    worker_connections {{ nginx_conf_worker_connections }};

    # on: a worker accepts all pending connections at once; off: one at a time.
    multi_accept {{ nginx_conf_multi_accept }};
}
| 18 | |
http {
    # NOTE(review): server_tokens is not set in this block, so the nginx
    # default applies unless an included conf.d or site file overrides it.
    # Confirm whether version disclosure is intended.

    # Basic Settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    # Largest request body nginx will accept. Keep this as small as the
    # hosted sites allow, since it bounds what one client can make the
    # server buffer.
    client_max_body_size {{ nginx_conf_client_max_body_size }};

    # MIME Types
    include {{ nginx_conf_dir }}/mime.types;

    # YAML has an official MIME type defined:
    #   http://www.iana.org/assignments/media-types/media-types.xhtml
    # but many other websites (GitHub, etc.) use text/yaml, which displays
    # YAML directly in the browser.
    types {
        text/yaml yaml yml;
    }

    # Files with an unrecognised extension are sent as a generic binary type.
    default_type application/octet-stream;

    # SSL Settings
    # from https://ssl-config.mozilla.org/

    # Session resumption uses the shared server-side cache only. Tickets are
    # off, so there are no ticket keys to protect or rotate.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Parameters for the DHE-RSA suites listed in ssl_ciphers below.
    # NOTE(review): how this file is generated is not visible here. Verify
    # that it holds parameters of at least 2048 bits.
    ssl_dhparam {{ nginx_conf_dir }}/dhparam;

    # Only TLS 1.2 and 1.3 are offered. ssl_ciphers governs the TLS 1.2
    # suites, all of which are AEAD with an ephemeral (ECDHE/DHE) key exchange.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # The client's preference order decides among the suites above.
    ssl_prefer_server_ciphers off;

    # NOTE(review): HSTS and OCSP stapling are not configured at this level.
    # Presumably they are set per site in sites-enabled - verify.

    # Logging Settings
    access_log {{ nginx_log_dir }}/access.log;
    error_log {{ nginx_log_dir }}/error.log;

    # gzip Settings
    # Compression is on for every site included below, and gzip_proxied any
    # also covers proxied requests. Compressing HTTPS responses that carry a
    # secret (session or CSRF token) next to request-controlled data exposes
    # them to compression side channels (BREACH). Sites that serve such
    # dynamic content should turn gzip off for those locations.
    gzip on;
    gzip_proxied any;
    gzip_types text/plain text/css text/javascript text/xml application/json application/javascript application/xml application/xml+rss;

    # include Configuration and Enabled Sites
    # Both globs load whatever is present. The bare * under sites-enabled
    # also matches backup or temporary files left there. Keep both
    # directories writable by root only.
    include {{ nginx_conf_dir }}/conf.d/*.conf;
    include {{ nginx_conf_dir }}/sites-enabled/*;
}