1
0
Fork 0
home-applications/nginx.template.conf

110 lines
3.8 KiB
Text
Raw Normal View History

#
# A very simple example configuration showing how to launch Nginx as a non-root
# user without sudo access.
#
# Adjust the paths and other settings for your specific circumstances. They are
# currently configured for transient usage - you'd want to pick more permanent
# locations in the filesystem if intending this to run for a while.
#
# Note that as Nginx is not launched as root, it cannot bind to privileged
# ports lower than 1024.
#
# Usage: nginx -c /path/to/this/nginx.conf
#
daemon off;
# This error log will be written regardless of server scope error_log
# definitions, so we have to set this here in the main scope.
#
# Even doing this, Nginx will still try to create the default error file, and
# log a non-fatal error when it fails. After that things will work, however.
error_log /dev/stdout {{ NGINX_ERROR_LOGLEVEL }};
# The pidfile will be written to /var/run unless this is set.
pid /tmp/nginx.pid;
# user nobody nogroup;
worker_processes {{ NGINX_WORKER_PROCESSES }};
events {
worker_connections {{ NGINX_WORKER_CONNECTIONS }};
multi_accept {{ NGINX_MULTI_ACCEPT }};
}
http {
log_format timed_combined '[$time_local] "$request" $status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $request_time $upstream_response_time $remote_addr "$http_x_forwarded_for"';
{% if NGINX_ACCESS_LOG_TO_STDOUT == "true" %}
access_log /dev/stdout timed_combined;
{% else %}
access_log off;
{% endif %}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream main_upstream {
server {{ NGINX_UPSTREAM_SERVER }};
{% if NGINX_UPSTREAM_KEEPALIVE|int > 0 %}
keepalive {{ NGINX_UPSTREAM_KEEPALIVE }};
{% endif %}
}
server {
listen {{ NGINX_SERVER_PORT }};
{% if NGINX_HOSTNAME %}
server_name {{ NGINX_EXTRA_SERVER_NAMES }} {{ NGINX_HOSTNAME }};
{% endif %}
client_max_body_size {{ NGINX_CLIENT_MAX_BODY_SIZE }};
client_body_timeout {{ NGINX_CLIENT_BODY_TIMEOUT }};
fastcgi_read_timeout {{ NGINX_FASTCGI_READ_TIMEOUT }};
proxy_read_timeout {{ NGINX_PROXY_READ_TIMEOUT }};
location = {{ NGINX_HEALTHCHECK_PATH }} {
return 200;
}
location ~ / {
gzip_types {{ NGINX_GZIP_TYPES }};
proxy_pass http://main_upstream;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# https://blog.percy.io/tuning-nginx-behind-google-cloud-platform-http-s-load-balancer-305982ddb340
keepalive_timeout {{ NGINX_KEEPALIVE_TIMEOUT }};
keepalive_requests {{ NGINX_KEEPALIVE_REQUESTS }};
{% if NGINX_CORS_DOMAINS %}
if ($request_method ~* "(GET|POST|PUT|DELETE)") {
add_header "Access-Control-Allow-Origin" {{ NGINX_CORS_DOMAINS }};
}
if ($request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" {{ NGINX_CORS_DOMAINS }};
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, DELETE";
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
return 200;
}
{% endif %}
}
}
{% if NGINX_HOST_REWRITE_ENABLED %}
server {
listen {{ NGINX_SERVER_PORT }};
server_name {{ NGINX_HOST_REWRITE_SERVER_NAMES }};
return 301 $scheme://{{ NGINX_HOSTNAME }}$request_uri;
}
{% endif %}
}