186 lines
5.9 KiB
Bash
186 lines
5.9 KiB
Bash
# List of environment variables for bunkerized-nginx.
|
|
# Manual : https://bunkerized-nginx.readthedocs.io/en/latest/
|
|
|
|
# Antibot
|
|
#USE_ANTIBOT=no
|
|
#ANTIBOT_URI=/challenge
|
|
#ANTIBOT_SESSION_SECRET=random
|
|
#ANTIBOT_RECAPTCHA_SITEKEY=
|
|
#ANTIBOT_RECAPTCHA_SECRET=
|
|
#ANTIBOT_RECAPTCHA_SCORE=0.7
|
|
|
|
# Authelia
|
|
#USE_AUTHELIA=no
|
|
#AUTHELIA_BACKEND=
|
|
#AUTHELIA_UPSTREAM=
|
|
#AUTHELIA_MODE=portal
|
|
|
|
# Basic auth
|
|
#USE_AUTH_BASIC=no
|
|
#AUTH_BASIC_LOCATION=sitewide
|
|
#AUTH_BASIC_USER=changeme
|
|
#AUTH_BASIC_PASSWORD=changeme
|
|
#AUTH_BASIC_TEXT=Restricted area
|
|
|
|
# Blacklist
|
|
#USE_BLACKLIST_IP=yes
|
|
#BLACKLIST_IP_LIST=
|
|
#USE_BLACKLIST_REVERSE=yes
|
|
#BLACKLIST_REVERSE_LIST=.shodan.io
|
|
#BLACKLIST_COUNTRY=
|
|
|
|
# Block
|
|
#BLOCK_USER_AGENT=yes
|
|
#BLOCK_TOR_EXIT_NODE=yes
|
|
#BLOCK_PROXIES=yes
|
|
#BLOCK_ABUSERS=yes
|
|
#BLOCK_REFERRER=yes
|
|
|
|
# Cache
|
|
#USE_CLIENT_CACHE=no
|
|
#CLIENT_CACHE_EXTENSIONS=jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2
|
|
#CLIENT_CACHE_CONTROL=public, max-age=15552000
|
|
#CLIENT_CACHE_ETAG=on
|
|
#USE_OPEN_FILE_CACHE=no
|
|
#OPEN_FILE_CACHE=max=1000 inactive=20s
|
|
#OPEN_FILE_CACHE_ERRORS=on
|
|
#OPEN_FILE_CACHE_MIN_USES=2
|
|
#OPEN_FILE_CACHE_VALID=30s
|
|
#USE_PROXY_CACHE=no
|
|
#PROXY_CACHE_PATH_ZONE_SIZE=10m
|
|
#PROXY_CACHE_PATH_PARAMS=max_size=100m
|
|
#PROXY_CACHE_METHODS=GET HEAD
|
|
#PROXY_CACHE_MIN_USES=2
|
|
#PROXY_CACHE_KEY=\$scheme\$host\$request_uri
|
|
#PROXY_CACHE_VALID=200=10m 301=10m 302=1h
|
|
#PROXY_NO_CACHE=\$http_authorization
|
|
#PROXY_CACHE_BYPASS=\$http_authorization
|
|
|
|
# Compression
|
|
#USE_GZIP=no
|
|
#GZIP_COMP_LEVEL=5
|
|
#GZIP_MIN_LENGTH=1000
|
|
#GZIP_TYPES=application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml
|
|
#USE_BROTLI=no
|
|
#BROTLI_COMP_LEVEL=6
|
|
#BROTLI_MIN_LENGTH=1000
|
|
#BROTLI_TYPES=application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml
|
|
|
|
# CrowdSec
|
|
#USE_CROWDSEC=no
|
|
#CROWDSEC_HOST=
|
|
#CROWDSEC_KEY=
|
|
|
|
# DNSBL
|
|
#USE_DNSBL=yes
|
|
#DNSBL_LIST=bl.blocklist.de problems.dnsbl.sorbs.net sbl.spamhaus.org xbl.spamhaus.org
|
|
|
|
# HTTPS
|
|
#AUTO_LETS_ENCRYPT=no
|
|
#EMAIL_LETS_ENCRYPT=
|
|
#REDIRECT_HTTP_TO_HTTPS=no
|
|
#HTTP2=yes
|
|
#HTTPS_PROTOCOLS=TLSv1.2 TLSv1.3
|
|
#LISTEN_HTTP=yes
|
|
#USE_CUSTOM_HTTPS=no
|
|
#CUSTOM_HTTPS_CERT=
|
|
#CUSTOM_HTTPS_KEY=
|
|
#GENERATE_SELF_SIGNED_SSL=no
|
|
#SELF_SIGNED_SSL_EXPIRY=365
|
|
#SELF_SIGNED_SSL_COUNTRY=CH
|
|
#SELF_SIGNED_SSL_STATE=Switzerland
|
|
#SELF_SIGNED_SSL_CITY=Bern
|
|
#SELF_SIGNED_SSL_OU=IT
|
|
#SELF_SIGNED_SSL_ORG=Acme Inc
|
|
#SELF_SIGNED_SSL_CN=bunkerized
|
|
|
|
# Headers
|
|
#X_FRAME_OPTIONS=DENY
|
|
#X_XSS_PROTECTION=1; mode=block
|
|
#X_CONTENT_TYPE_OPTIONS=nosniff
|
|
#REFERRER_POLICY=no-referrer
|
|
#FEATURE_POLICY=accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vibrate 'none'; vr 'none'
|
|
#PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), sync-xhr=(), usb=(), vibrate=(), vr=()
|
|
#COOKIE_FLAGS=* HttpOnly SameSite=Lax
|
|
#COOKIE_AUTO_SECURE_FLAG=yes
|
|
#STRICT_TRANSPORT_SECURITY=max-age=31536000
|
|
#CONTENT_SECURITY_POLICY=object-src 'none'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self';
|
|
|
|
# Info leak
|
|
#REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version
|
|
#DISABLE_DEFAULT_SERVER=no
|
|
#ERRORS=
|
|
|
|
# Limit conn
|
|
#USE_LIMIT_CONN=yes
|
|
#LIMIT_CONN_MAX=50
|
|
#LIMIT_CONN_CACHE=10m
|
|
|
|
# Limit req
|
|
#USE_LIMIT_REQ=yes
|
|
#LIMIT_REQ_RATE=1r/s
|
|
#LIMIT_REQ_BURST=2
|
|
#LIMIT_REQ_CACHE=10m
|
|
|
|
# Misc
|
|
#SERVER_NAME=www.bunkerity.com
|
|
#MAX_CLIENT_SIZE=10m
|
|
#ALLOWED_METHODS=GET|POST|HEAD
|
|
#SERVE_FILES=yes
|
|
#INJECT_BODY=
|
|
|
|
# ModSecurity
|
|
#USE_MODSECURITY=yes
|
|
#USE_MODSECURITY_CRS=yes
|
|
#MODSECURITY_SEC_AUDIT_ENGINE=RelevantOnly
|
|
|
|
# PHP
|
|
#REMOTE_PHP=
|
|
#REMOTE_PHP_PATH=/app
|
|
|
|
# Reverse proxy
|
|
#USE_REVERSE_PROXY=no
|
|
#REVERSE_PROXY_URL=
|
|
#REVERSE_PROXY_HOST=
|
|
#REVERSE_PROXY_WS=no
|
|
#REVERSE_PROXY_HEADERS=
|
|
#PROXY_REAL_IP=no
|
|
#PROXY_REAL_IP_FROM=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
|
|
#PROXY_REAL_IP_HEADER=X-Forwarded-For
|
|
#PROXY_REAL_IP_RECURSIVE=on
|
|
|
|
# Bad behavior
|
|
#USE_BAD_BEHAVIOR=yes
|
|
#BAD_BEHAVIOR_BAN_TIME=86400
|
|
#BAD_BEHAVIOR_COUNT_TIME=60
|
|
#BAD_BEHAVIOR_STATUS_CODES=400 401 403 404 405 429 444
|
|
#BAD_BEHAVIOR_THRESHOLD=10
|
|
|
|
# API
|
|
#USE_API=no
|
|
#API_WHITELIST_IP=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
|
|
#API_URI=random
|
|
#SWARM_MODE=no
|
|
|
|
# nginx
|
|
#MULTISITE=no
|
|
#DNS_RESOLVERS=127.0.0.11
|
|
#LOG_FORMAT=$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
|
|
#LOG_LEVEL=info
|
|
#ROOT_FOLDER=/opt/bunkerized-nginx/www
|
|
#ROOT_SITE_SUBFOLDER=
|
|
#SERVER_TOKENS=off
|
|
#HTTP_PORT=8080
|
|
#HTTPS_PORT=8443
|
|
#WORKER_RLIMIT_NOFILE=2048
|
|
#WORKER_CONNECTIONS=1024
|
|
|
|
# Whitelist
|
|
#USE_WHITELIST_IP=yes
|
|
#WHITELIST_IP_LIST=23.21.227.69 40.88.21.235 50.16.241.113 50.16.241.114 50.16.241.117 50.16.247.234 52.204.97.54 52.5.190.19 54.197.234.188 54.208.100.253 54.208.102.37 107.21.1.8
|
|
#USE_WHITELIST_REVERSE=yes
|
|
#WHITELIST_REVERSE_LIST=.googlebot.com .google.com .search.msn.com .crawl.yahoot.net .crawl.baidu.jp .crawl.baidu.com .yandex.com .yandex.ru .yandex.net
|
|
#WHITELIST_COUNTRY=
|
|
#WHITELIST_USER_AGENT=
|
|
#WHITELIST_URI=
|