--- # Enable creating dynamic templated NGINX HTML demo websites. nginx_html_demo_template_enable: false nginx_html_demo_template: default: template_file: www/index.html.j2 html_file_name: index.html html_file_location: /usr/share/nginx/html web_server_name: Default # Enable creating dynamic templated NGINX configuration files. # Defaults are the values found in a fresh NGINX installation. nginx_main_template_enable: false nginx_main_template: template_file: nginx.conf.j2 conf_file_name: nginx.conf conf_file_location: /etc/nginx/ user: nginx worker_processes: auto # worker_rlimit_nofile: 1024 error_log: location: /var/log/nginx/error.log level: warn worker_connections: 1024 http_enable: true http_settings: access_log_format: - name: main format: |- '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"' access_log_location: - name: main location: /var/log/nginx/access.log tcp_nopush: true tcp_nodelay: true keepalive_timeout: 65 cache: false rate_limit: false keyval: false # server_tokens: "off" http_global_autoindex: false # http_custom_options: [] stream_enable: false # stream_custom_options: [] # auth_request_http: /auth # auth_request_set_http: # name: $auth_user # value: $upstream_http_x_user # Enable creating dynamic templated NGINX HTTP configuration files. # Defaults will not produce a valid configuration. Instead they are meant to showcase # the options available for templating. Each key represents a new configuration file. nginx_http_template_enable: false nginx_http_template: default: template_file: http/default.conf.j2 conf_file_name: default.conf conf_file_location: /etc/nginx/conf.d/ servers: server1: listen: listen_localhost: ip: localhost # Wrap in square brackets for IPv6 addresses port: 8081 ssl: true opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:'). server_name: localhost include_files: [] error_page: /usr/share/nginx/html access_log: - name: main location: /var/log/nginx/access.log error_log: location: /var/log/nginx/error.log level: warn root: /usr/share/nginx/html # https_redirect: $host autoindex: false auth_basic: null auth_basic_user_file: null try_files: $uri $uri/index.html $uri.html =404 # auth_request: /auth # auth_request_set: # name: $auth_user # value: $upstream_http_x_user client_max_body_size: 1m proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application add_headers: strict_transport_security: name: Strict-Transport-Security value: max-age=15768000; includeSubDomains always: true # header_name: # name: Header-X # value: Value-X # always: false ssl: cert: /etc/ssl/certs/default.crt key: /etc/ssl/private/default.key dhparam: /etc/ssl/private/dh_param.pem protocols: TLSv1 TLSv1.1 TLSv1.2 ciphers: HIGH:!aNULL:!MD5 prefer_server_ciphers: true session_cache: none session_timeout: 5m disable_session_tickets: false trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt stapling: true stapling_verify: true # custom_options: [] web_server: locations: default: location: / include_files: [] proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application add_headers: strict_transport_security: name: Strict-Transport-Security value: max-age=15768000; includeSubDomains always: true # header_name: # name: Header-X # value: Value-X # always: false html_file_location: /usr/share/nginx/html html_file_name: index.html autoindex: false auth_basic: null auth_basic_user_file: null try_files: $uri $uri/index.html $uri.html =404 # auth_request: /auth # auth_request_set: # name: $auth_user # value: $upstream_http_x_user client_max_body_size: 1m # returns: # return302: # code: 302 # url: https://sso.somehost.local/?url=https://$http_host$request_uri # custom_options: [] http_demo_conf: false reverse_proxy: locations: backend: location: / include_files: [] proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application add_headers: strict_transport_security: name: Strict-Transport-Security value: max-age=15768000; includeSubDomains always: true # header_name: # name: Header-X # value: Value-X # always: false proxy_connect_timeout: null proxy_pass: http://backend # rewrites: # - /foo(.*) /$1 break # proxy_pass_request_body: off # allows: # - 192.168.1.0/24 # denies: # - all proxy_set_header: header_host: name: Host value: $host header_x_real_ip: name: X-Real-IP value: $remote_addr header_x_forwarded_for: name: X-Forwarded-For value: $proxy_add_x_forwarded_for header_x_forwarded_proto: name: X-Forwarded-Proto value: $scheme # header_upgrade: # name: Upgrade # value: $http_upgrade # header_connection: # name: Connection # value: "Upgrade" # header_random: # name: RandomName # value: RandomValue # internal: false # proxy_store: off # proxy_store_acccess: user:rw proxy_read_timeout: null proxy_send_timeout: null proxy_ssl: cert: /etc/ssl/certs/proxy_default.crt key: /etc/ssl/private/proxy_default.key trusted_cert: /etc/ssl/certs/proxy_ca.crt protocols: TLSv1 TLSv1.1 TLSv1.2 ciphers: HIGH:!aNULL:!MD5 verify: false verify_depth: 1 session_reuse: true proxy_cache: backend_proxy_cache proxy_cache_valid: - code: 200 time: 10m - code: 301 time: 1m proxy_temp_path: path: /var/cache/nginx/proxy/backend/temp proxy_cache_lock: false proxy_cache_min_uses: 3 proxy_cache_revalidate: false proxy_cache_use_stale: - http_403 - http_404 proxy_ignore_headers: - Vary - Cache-Control proxy_cookie_path: path: /web/ replacement: / proxy_buffering: false proxy_http_version: 1.0 websocket: false auth_basic: null auth_basic_user_file: null try_files: $uri $uri/index.html $uri.html =404 # auth_request: /auth # auth_request_set: # name: $auth_user # value: $upstream_http_x_user # returns: # return302: # code: 302 # url: https://sso.somehost.local/?url=https://$http_host$request_uri # custom_options: [] health_check_plus: false returns: return301: location: / code: 301 value: http://$host$request_uri proxy_cache: proxy_cache_path: - path: /var/cache/nginx/proxy/backend keys_zone: name: backend_proxy_cache size: 10m levels: "1:2" max_size: 10g inactive: 60m use_temp_path: true proxy_temp_path: path: /var/cache/nginx/proxy/temp proxy_cache_valid: - code: 200 time: 10m - code: 301 time: 1m proxy_cache_lock: true proxy_cache_min_uses: 5 proxy_cache_revalidate: true proxy_cache_use_stale: - error - timeout proxy_ignore_headers: - Expires upstreams: upstream1: name: backend lb_method: least_conn zone_name: backend_mem_zone zone_size: 64k sticky_cookie: false servers: server1: address: localhost port: 8081 weight: 1 health_check: max_fails=1 fail_timeout=10s # custom_options: [] # custom_options: [] # Enable NGINX status data. # Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus. # Note - 'status' has been deprecated since NGINX Plus R13. # Default is false. nginx_status_enable: false nginx_status_location: /etc/nginx/conf.d/stub_status.conf nginx_status_port: 80 # Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard. # Requires NGINX Plus. # Default is false. nginx_rest_api_enable: false nginx_rest_api_template_file: http/api.conf.j2 nginx_rest_api_file_location: /etc/nginx/conf.d/api.conf nginx_rest_api_port: 80 nginx_rest_api_write: false nginx_rest_api_dashboard: false # Enable creating dynamic templated NGINX stream configuration files. # Defaults will not produce a valid configuration. Instead they are meant to showcase # the options available for templating. Each key represents a new configuration file. nginx_stream_template_enable: false nginx_stream_template: default: template_file: stream/default.conf.j2 conf_file_name: default.conf conf_file_location: /etc/nginx/conf.d/stream/ network_streams: default: listen_address: localhost listen_port: 80 udp_enable: false include_files: [] proxy_pass: backend proxy_timeout: 3s proxy_connect_timeout: 1s proxy_protocol: false proxy_ssl: cert: /etc/ssl/certs/proxy_default.crt key: /etc/ssl/private/proxy_default.key trusted_cert: /etc/ssl/certs/proxy_ca.crt protocols: TLSv1 TLSv1.1 TLSv1.2 ciphers: HIGH:!aNULL:!MD5 verify: false verify_depth: 1 session_reuse: true health_check_plus: false # custom_options: [] upstreams: upstream1: name: backend lb_method: least_conn zone_name: backend zone_size: 64k sticky_cookie: false servers: server1: address: localhost port: 8080 weight: 1 health_check: max_fails=1 fail_timeout=10s # custom_options: [] # custom_options: []