184 lines
4.2 KiB
Plaintext
184 lines
4.2 KiB
Plaintext
# custom config before server block
|
|
include /opt/bunkerized-nginx/pre-server-confs/*.conf;
|
|
{% if MULTISITE == "yes" %}
|
|
include /opt/bunkerized-nginx/pre-server-confs/{{ FIRST_SERVER }}/*.conf;
|
|
{% endif %}
|
|
|
|
server {
|
|
|
|
# FastCGI variables
|
|
{% if REMOTE_PHP != "" %}
|
|
include {{ NGINX_PREFIX }}fastcgi.conf;
|
|
{% endif %}
|
|
|
|
# custom config
|
|
include /opt/bunkerized-nginx/server-confs/*.conf;
|
|
{% if MULTISITE == "yes" %}
|
|
include /opt/bunkerized-nginx/server-confs/{{ FIRST_SERVER }}/*.conf;
|
|
{% endif %}
|
|
|
|
# proxy real IP
|
|
{% if PROXY_REAL_IP == "yes" %}
|
|
include {{ NGINX_PREFIX }}proxy-real-ip.conf;
|
|
{% endif %}
|
|
|
|
# include LUA files
|
|
include {{ NGINX_PREFIX }}main-lua.conf;
|
|
include {{ NGINX_PREFIX }}log-lua.conf;
|
|
|
|
# ModSecurity
|
|
{% if USE_MODSECURITY == "yes" %}
|
|
include {{ NGINX_PREFIX }}modsecurity.conf;
|
|
{% endif %}
|
|
|
|
# HTTP listen
|
|
{% if LISTEN_HTTP == "yes" %}
|
|
listen 0.0.0.0:{{ HTTP_PORT }};
|
|
{% endif %}
|
|
|
|
# HTTPS listen + config
|
|
{% if AUTO_LETS_ENCRYPT == "yes" or USE_CUSTOM_HTTPS == "yes" or GENERATE_SELF_SIGNED_SSL == "yes" %}
|
|
include {{ NGINX_PREFIX }}https.conf;
|
|
{% endif %}
|
|
|
|
# HTTP to HTTPS
|
|
{% if REDIRECT_HTTP_TO_HTTPS == "yes" %}
|
|
include {{ NGINX_PREFIX }}redirect-http-to-https.conf;
|
|
{% endif %}
|
|
|
|
# server name (vhost)
|
|
server_name {{ SERVER_NAME }};
|
|
|
|
# disable default server
|
|
{% if DISABLE_DEFAULT_SERVER == "yes" and MULTISITE != "yes" %}
|
|
include {{ NGINX_PREFIX }}disable-default-server.conf;
|
|
{% endif %}
|
|
|
|
# serve local files
|
|
{% if SERVE_FILES == "yes" %}
|
|
include {{ NGINX_PREFIX }}serve-files.conf;
|
|
{% endif %}
|
|
|
|
# allowed HTTP methods
|
|
if ($request_method !~ ^({{ ALLOWED_METHODS }})$) {
|
|
return 405;
|
|
}
|
|
|
|
# requests limiting
|
|
{% if USE_LIMIT_REQ == "yes" %}
|
|
include {{ NGINX_PREFIX }}limit-req.conf;
|
|
{% endif %}
|
|
|
|
# connections limiting
|
|
{% if USE_LIMIT_CONN == "yes" %}
|
|
include {{ NGINX_PREFIX }}limit-conn.conf;
|
|
{% endif %}
|
|
|
|
# auth basic
|
|
{% if USE_AUTH_BASIC == "yes" %}
|
|
{% if AUTH_BASIC_LOCATION == "sitewide" %}
|
|
include {{ NGINX_PREFIX }}auth-basic-sitewide.conf;
|
|
{% else %}
|
|
include {{ NGINX_PREFIX }}auth-basic.conf;
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
# remove headers
|
|
{% if REMOVE_HEADERS != "" %}
|
|
{% for header in REMOVE_HEADERS.split(" ") %}
|
|
more_clear_headers '{{ header }}';
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
# X-Frame-Option header
|
|
{% if X_FRAME_OPTIONS != "" %}
|
|
include {{ NGINX_PREFIX }}x-frame-options.conf;
|
|
{% endif %}
|
|
|
|
# X-XSS-Protection header
|
|
{% if X_XSS_PROTECTION != "" %}
|
|
include {{ NGINX_PREFIX }}x-xss-protection.conf;
|
|
{% endif %}
|
|
|
|
# X-Content-Type header
|
|
{% if X_CONTENT_TYPE_OPTIONS != "" %}
|
|
include {{ NGINX_PREFIX }}x-content-type-options.conf;
|
|
{% endif %}
|
|
|
|
# Content-Security-Policy header
|
|
{% if CONTENT_SECURITY_POLICY != "" %}
|
|
include {{ NGINX_PREFIX }}content-security-policy.conf;
|
|
{% endif %}
|
|
|
|
# Referrer-Policy header
|
|
{% if REFERRER_POLICY != "" %}
|
|
include {{ NGINX_PREFIX }}referrer-policy.conf;
|
|
{% endif %}
|
|
|
|
# Feature-Policy header
|
|
{% if FEATURE_POLICY != "" %}
|
|
include {{ NGINX_PREFIX }}feature-policy.conf;
|
|
{% endif %}
|
|
|
|
# Permissions-Policy header
|
|
{% if PERMISSIONS_POLICY != "" %}
|
|
include {{ NGINX_PREFIX }}permissions-policy.conf;
|
|
{% endif %}
|
|
|
|
# cookie flags
|
|
{% if COOKIE_FLAGS != "" %}
|
|
include {{ NGINX_PREFIX }}cookie-flags.conf;
|
|
{% endif %}
|
|
|
|
# custom errors
|
|
include {{ NGINX_PREFIX }}error.conf;
|
|
|
|
# client caching
|
|
{% if USE_CLIENT_CACHE == "yes" %}
|
|
include {{ NGINX_PREFIX }}client-cache.conf;
|
|
{% endif %}
|
|
|
|
# gzip compression
|
|
{% if USE_GZIP == "yes" %}
|
|
include {{ NGINX_PREFIX }}gzip.conf;
|
|
{% endif %}
|
|
|
|
# brotli compression
|
|
{% if USE_BROTLI == "yes" %}
|
|
include {{ NGINX_PREFIX }}brotli.conf;
|
|
{% endif %}
|
|
|
|
# maximum body size
|
|
client_max_body_size {{ MAX_CLIENT_SIZE }};
|
|
|
|
# enable/disable showing version
|
|
server_tokens {{ SERVER_TOKENS }};
|
|
|
|
# open file caching
|
|
{% if USE_OPEN_FILE_CACHE == "yes" %}
|
|
include {{ NGINX_PREFIX }}open-file-cache.conf;
|
|
{% endif %}
|
|
|
|
# proxy caching
|
|
{% if USE_PROXY_CACHE == "yes" %}
|
|
include {{ NGINX_PREFIX }}proxy-cache.conf;
|
|
{% endif %}
|
|
|
|
# authelia
|
|
{% if USE_AUTHELIA == "yes" %}
|
|
include {{ NGINX_PREFIX}}authelia-upstream.conf;
|
|
include {{ NGINX_PREFIX}}authelia-auth-request.conf;
|
|
{% endif %}
|
|
|
|
# reverse proxy
|
|
{% if USE_REVERSE_PROXY == "yes" %}
|
|
include {{ NGINX_PREFIX }}reverse-proxy.conf;
|
|
{% endif %}
|
|
|
|
# remote PHP
|
|
{% if REMOTE_PHP != "" %}
|
|
include {{ NGINX_PREFIX }}php.conf;
|
|
{% endif %}
|
|
|
|
}
|