# custom config before server block include /opt/bunkerized-nginx/pre-server-confs/*.conf; {% if MULTISITE == "yes" +%} include /opt/bunkerized-nginx/pre-server-confs/{{ FIRST_SERVER }}/*.conf; {% endif %} server { # FastCGI variables {% if REMOTE_PHP != "" or LOCAL_PHP != "" +%} include {{ NGINX_PREFIX }}fastcgi.conf; {% endif %} # custom config include /opt/bunkerized-nginx/server-confs/*.conf; {% if MULTISITE == "yes" +%} include /opt/bunkerized-nginx/server-confs/{{ FIRST_SERVER }}/*.conf; {% endif %} # proxy real IP {% if PROXY_REAL_IP == "yes" +%} include {{ NGINX_PREFIX }}proxy-real-ip.conf; {% endif %} # include LUA files include {{ NGINX_PREFIX }}main-lua.conf; include {{ NGINX_PREFIX }}log-lua.conf; # ModSecurity {% if USE_MODSECURITY == "yes" +%} include {{ NGINX_PREFIX }}modsecurity.conf; {% endif %} # HTTP listen {% if LISTEN_HTTP == "yes" +%} listen 0.0.0.0:{{ HTTP_PORT }}; {% endif %} # HTTPS listen + config {% if AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_HTTPS == "yes" or GENERATE_SELF_SIGNED_SSL == "yes" +%} include {{ NGINX_PREFIX }}https.conf; {% endif %} # HTTP to HTTPS {% if REDIRECT_HTTP_TO_HTTPS == "yes" +%} include {{ NGINX_PREFIX }}redirect-http-to-https.conf; {% endif %} # server name (vhost) server_name {{ SERVER_NAME }}; # disable default server {% if DISABLE_DEFAULT_SERVER == "yes" and MULTISITE != "yes" +%} include {{ NGINX_PREFIX }}disable-default-server.conf; {% endif %} # serve local files {% if SERVE_FILES == "yes" +%} include {{ NGINX_PREFIX }}serve-files.conf; {% endif %} # allowed HTTP methods if ($request_method !~ ^({{ ALLOWED_METHODS }})$) { return 405; } # requests limiting {% if USE_LIMIT_REQ == "yes" +%} include {{ NGINX_PREFIX }}limit-req.conf; {% endif %} # connections limiting {% if USE_LIMIT_CONN == "yes" +%} include {{ NGINX_PREFIX }}limit-conn.conf; {% endif %} # auth basic {% if USE_AUTH_BASIC == "yes" +%} {% if AUTH_BASIC_LOCATION == "sitewide" %} include {{ NGINX_PREFIX }}auth-basic-sitewide.conf; {% else %} include {{ NGINX_PREFIX }}auth-basic.conf; {% endif %} {% endif %} # remove headers {% if REMOVE_HEADERS != "" %} {% for header in REMOVE_HEADERS.split(" ") +%} more_clear_headers '{{ header }}'; {% endfor %} {% endif %} # X-Frame-Option header {% if X_FRAME_OPTIONS != "" +%} include {{ NGINX_PREFIX }}x-frame-options.conf; {% endif %} # X-XSS-Protection header {% if X_XSS_PROTECTION != "" +%} include {{ NGINX_PREFIX }}x-xss-protection.conf; {% endif %} # X-Content-Type header {% if X_CONTENT_TYPE_OPTIONS != "" +%} include {{ NGINX_PREFIX }}x-content-type-options.conf; {% endif %} # Content-Security-Policy header {% if CONTENT_SECURITY_POLICY != "" +%} include {{ NGINX_PREFIX }}content-security-policy.conf; {% endif %} # Referrer-Policy header {% if REFERRER_POLICY != "" +%} include {{ NGINX_PREFIX }}referrer-policy.conf; {% endif %} # Feature-Policy header {% if FEATURE_POLICY != "" +%} include {{ NGINX_PREFIX }}feature-policy.conf; {% endif %} # Permissions-Policy header {% if PERMISSIONS_POLICY != "" +%} include {{ NGINX_PREFIX }}permissions-policy.conf; {% endif %} # cookie flags {% if COOKIE_FLAGS != "" +%} include {{ NGINX_PREFIX }}cookie-flags.conf; {% endif %} # custom errors include {{ NGINX_PREFIX }}error.conf; # client caching {% if USE_CLIENT_CACHE == "yes" +%} include {{ NGINX_PREFIX }}client-cache.conf; {% endif %} # gzip compression {% if USE_GZIP == "yes" +%} include {{ NGINX_PREFIX }}gzip.conf; {% endif %} # brotli compression {% if USE_BROTLI == "yes" +%} include {{ NGINX_PREFIX }}brotli.conf; {% endif %} # maximum body size client_max_body_size {{ MAX_CLIENT_SIZE }}; # enable/disable showing version server_tokens {{ SERVER_TOKENS }}; # open file caching {% if USE_OPEN_FILE_CACHE == "yes" +%} include {{ NGINX_PREFIX }}open-file-cache.conf; {% endif %} # proxy caching {% if USE_PROXY_CACHE == "yes" +%} include {{ NGINX_PREFIX }}proxy-cache.conf; {% endif %} # authelia {% if USE_AUTHELIA == "yes" +%} include {{ NGINX_PREFIX }}authelia-upstream.conf; include {{ NGINX_PREFIX }}authelia-auth-request.conf; {% endif %} # inject into body {% if INJECT_BODY != "" +%} include {{ NGINX_PREFIX }}inject-body.conf; {% endif %} # redirect everything to another host {% if REDIRECT_TO != "" +%} include {{ NGINX_PREFIX }}redirect-to.conf; {% endif %} # reverse proxy {% if USE_REVERSE_PROXY == "yes" +%} include {{ NGINX_PREFIX }}reverse-proxy.conf; {% endif %} # remote PHP {% if REMOTE_PHP != "" or LOCAL_PHP != "" +%} include {{ NGINX_PREFIX }}php.conf; {% endif %} }