bunkerweb/confs2/site/server.conf

# custom config before server block
include /pre-server-confs/*.conf;
{% if MULTISITE == "yes" %}
include /pre-server-confs/{{ FIRST_SERVER }}/*.conf;
{% endif %}

server {

	# FastCGI variables
{% if REMOTE_PHP != "" %}
	include {{ NGINX_PREFIX }}fastcgi.conf;
{% endif %}

	# custom config
	include /server-confs/*.conf;
{% if MULTISITE == "yes" %}
	include /server-confs/{{ FIRST_SERVER }}/*.conf;
{% endif %}

	# proxy real IP
{% if PROXY_REAL_IP == "yes" %}
	include {{ NGINX_PREFIX }}proxy-real-ip.conf;
{% endif %}

	# include LUA files
	include {{ NGINX_PREFIX }}main-lua.conf;
	include {{ NGINX_PREFIX }}log-lua.conf;

	# ModSecurity
{% if USE_MODSECURITY == "yes" }}
	include {{ NGINX_PREFIX }}modsecurity.conf;
{% endif %}

	# HTTP listen
{% if LISTEN_HTTP == "yes" }}
	listen 0.0.0.0:{{ HTTP_PORT }};
{% endif %}

	# HTTPS listen + config
{% if AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_HTTPS == "yes" or GENERATE_SELF_SIGNED_SSL == "yes" %}
	include {{ NGINX_PREFIX }}https.conf;
{% endif %}

	# HTTP to HTTPS
{% if REDIRECT_HTTP_TO_HTTPS == "yes" %}
	include {{ NGINX_PREFIX }}redirect-http-to-https.conf;
{% endif %}

	# server name (vhost)
	server_name {{ SERVER_NAME }};

	# disable default server
{% if DISABLE_DEFAULT_SERVER == "yes" and MULTISITE != "yes" %}
	include {{ NGINX_PREFIX }}disable-default-server.conf;
{% endif %}

	# serve local files
{% if SERVE_FILES == "yes" %}
	include {{ NGINX_PREFIX}}serve-files.conf;
{% endif %}

	# allowed HTTP methods
	if ($request_method !~ ^({{ ALLOWED_METHODS }})$) {
		return 405;
	}

	# requests limiting
{% if USE_LIMIT_REQ == "yes" %}
	include {{ NGINX_PREFIX }}limit-req.conf;
{% endif %}

	# connections limiting
{% if USE_LIMIT_CONN == "yes" %}
	include {{ NGINX_PREFIX }}limit-conn.conf;
{% endif %}

	# auth basic
{% if USE_AUTH_BASIC == "yes" %}
	{% if AUTH_BASIC_LOCATION == "sitewide" %}
	include {{ NGINX_PREFIX }}auth-basic-sitewide.conf;
	{% else %}
	include {{ NGINX_PREFIX }}auth-basic.conf;
	{% endif %}
{% endif %}

	# remove headers
{% if REMOVE_HEADERS != "" %}
	{% for header in REMOVE_HEADERS.split(" ") %}
	more_clear_headers '{{ header }}';
	{% endfor %}
{% endif %}

	# X-Frame-Option header
{% if X_FRAME_OPTIONS != "" %}
	include {{ NGINX_PREFIX }}x-frame-options.conf;
{% endif %}

	# X-XSS-Protection header
{% if X_XSS_PROTECTION != "" %}
	include {{ NGINX_PREFIX }}x-xss-protection.conf;
{% endif %}

	# X-Content-Type header
{% if X_CONTENT_TYPE != "" %}
	include {{ NGINX_PREFIX }}x-content-type.conf;
{% endif %}

	# Content-Security-Policy header
{% if CONTENT_SECURITY_POLICY != "" %}
	include {{ NGINX_PREFIX }}content-security-policy.conf;
{% endif %}

	# Referrer-Policy header
{% if REFERRER_POLICY != "" %}
	include {{ NGINX_PREFIX }}referrer-policy.conf;
{% endif %}

	# Feature-Policy header
{% if FEATURE_POLICY != "" %}
	include {{ NGINX_PREFIX }}feature-policy.conf;
{% endif %}

	# Permissions-Policy header
{% if PERMISSIONS_POLICY != "" %}
	include {{ NGINX_PREFIX }}permissions-policy.conf;
{% endif %}

	# cookie flags
{% if COOKIE_FLAGS != "" %}
	include {{ NGINX_PREFIX }}cookie-flags.conf;
{% endif %}

	# TODO : ERRORS

	# client caching
{% if USE_CLIENT_CACHE == "yes" %}
	include {{ NGINX_PREFIX }}client-cache.conf;
{% endif %}

	# gzip compression
{% if USE_GZIP == "yes" %}
	include {{ NGINX_PREFIX }}gzip.conf;
{% endif %}

	# brotli compression
{% if USE_GZIP == "yes" %}
	include {{ NGINX_PREFIX }}gzip.conf;
{% endif %}

	# maximum body size
	client_max_body_size {{ MAX_CLIENT_SIZE }};
	
	# enable/disable showing version
	server_tokens {{ SERVER_TOKENS }};

	# open file caching
{% if USE_OPEN_FILE_CACHE == "yes" %}
	include {{ NGINX_PREFIX }}open-file-cache.conf;	
{% endif %}

	# proxy caching
{% if USE_PROXY_CACHE == "yes" %}
	include {{ NGINX_PREFIX }}proxy-cache.conf;	
{% endif %}

	# reverse proxy
{% if USE_REVERSE_PROXY == "yes" %}
	include {{ NGINX_PREFIX }}reverse-proxy-*.conf;
{% endif %}

	# remote PHP
{% if REMOTE_PHP != "" %}
	include {{ NGINX_PREFIX }}php.conf;
{% endif %}

}