aboutsummaryrefslogtreecommitdiffstats
path: root/roles/nginx/templates
diff options
context:
space:
mode:
authorbinary <me@rgoncalves.se>2021-01-15 15:48:42 +0100
committerbinary <me@rgoncalves.se>2021-01-15 15:49:36 +0100
commit58a81dc2ea748cf769d88b7515a39c6587d37ce2 (patch)
treec7664528dba83bc4ddc341137c53ec4acf072f15 /roles/nginx/templates
parentdd2e7cf9113349b9515a27a076f2e45a8a34684e (diff)
downloadinfrastructure-58a81dc2ea748cf769d88b7515a39c6587d37ce2.tar.gz
Add nginx and sourcehut role
Diffstat (limited to 'roles/nginx/templates')
-rw-r--r--roles/nginx/templates/nginx.conf.j293
1 files changed, 93 insertions, 0 deletions
diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2
new file mode 100644
index 0000000..8800794
--- /dev/null
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -0,0 +1,93 @@
+
+# nginx ~~ /etc/nginx/nginx.conf
+# managed by Ansible
+
+user {{ nginx_user }};
+
+# Set number of worker processes automatically based on number of CPU cores.
+worker_processes auto;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /var/log/nginx/error.log warn;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+
+
+events {
+ # The maximum number of simultaneous connections that can be opened by
+ # a worker process.
+ worker_connections 1024;
+}
+
+http {
+ # Includes mapping of file name extensions to MIME types of responses
+ # and defines the default type.
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Name servers used to resolve names of upstream servers into addresses.
+ # It's also needed when using tcpsocket and udpsocket in Lua modules.
+ #resolver 208.67.222.222 208.67.220.220;
+
+ # Don't tell nginx version to clients.
+ server_tokens off;
+
+ # Specifies the maximum accepted body size of a client request, as
+ # indicated by the request header Content-Length. If the stated content
+ # length is greater than this size, then the client receives the HTTP
+ # error code 413. Set to 0 to disable.
+ client_max_body_size 1m;
+
+ # Timeout for keep-alive connections. Server will close connections after
+ # this time.
+ keepalive_timeout 65;
+
+ # Sendfile copies data between one FD and other from within the kernel,
+ # which is more efficient than read() + write().
+ sendfile on;
+
+ # Don't buffer data-sends (disable Nagle algorithm).
+ # Good for sending frequent small bursts of data in real time.
+ tcp_nodelay on;
+
+ # Causes nginx to attempt to send its HTTP response head in one packet,
+ # instead of using partial frames.
+ #tcp_nopush on;
+
+
+ # Path of the file with Diffie-Hellman parameters for EDH ciphers.
+ #ssl_dhparam /etc/ssl/nginx/dh2048.pem;
+
+ # Specifies that our cipher suits should be preferred over client ciphers.
+ ssl_prefer_server_ciphers on;
+
+ # Enables a shared SSL cache with size that can hold around 8000 sessions.
+ ssl_session_cache shared:SSL:2m;
+
+
+ # Enable gzipping of responses.
+ #gzip on;
+
+ # Set the Vary HTTP header as defined in the RFC 2616.
+ gzip_vary on;
+
+ # Enable checking the existence of precompressed files.
+ #gzip_static on;
+
+
+ # Specifies the main log format.
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Sets the path, format, and configuration for a buffered log write.
+ access_log /var/log/nginx/access.log main;
+
+
+ # Includes virtual hosts configs.
+ include {{ nginx_subconf_dir }}/*.conf;
+}
remember that computers suck.