summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
committerclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
commit1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch)
tree129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/roles/nginx/files/conf.d/http.custom.conf
parent9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff)
downloadmail-master.tar.gz
fork https://github.com/mattsta/mailwebHEADmaster
Diffstat (limited to 'ansible/roles/nginx/files/conf.d/http.custom.conf')
-rw-r--r--ansible/roles/nginx/files/conf.d/http.custom.conf84
1 files changed, 84 insertions, 0 deletions
diff --git a/ansible/roles/nginx/files/conf.d/http.custom.conf b/ansible/roles/nginx/files/conf.d/http.custom.conf
new file mode 100644
index 0000000..5f70166
--- /dev/null
+++ b/ansible/roles/nginx/files/conf.d/http.custom.conf
@@ -0,0 +1,84 @@
1
2## Proxy options
3proxy_buffering on;
4# proxy_cache_min_uses 3;
5proxy_cache_path /var/nginx/proxy-cache/ levels=1:2 keys_zone=cache:10m inactive=10m max_size=1000M;
6proxy_cache_valid any 10m;
7proxy_ignore_client_abort off;
8proxy_intercept_errors on;
9proxy_next_upstream error timeout invalid_header;
10proxy_redirect off;
11proxy_set_header Host $host;
12proxy_set_header X-Forwarded-For $remote_addr;
13proxy_connect_timeout 60;
14proxy_send_timeout 60;
15proxy_read_timeout 60;
16
17# We used to use this header when we ran dual http/https stacks to verify
18# user login pages were being only requested over https, but now we forward
19# every site to https, so we can assume our schemes are aligned to our interests
20# (as long as all our backend code stopped checking for X-Forwarded-Proto too).
21#proxy_set_header X-Forwarded-Proto $scheme;
22
23## Size Limits
24# May need to override these (server or location blocks) if doing large uploads.
25# Setting to zero disables any size checking.
26client_body_buffer_size 16k;
27client_max_body_size 15m;
28
29# If clients send headers larger than 1k,
30# they get upgraded to large_client_header_buffers.
31client_header_buffer_size 1k;
32large_client_header_buffers 32 64k;
33
34## Timeouts
35client_body_timeout 5s;
36client_header_timeout 5s;
37keepalive_timeout 5s 5s;
38#keepalive_timeout 0;
39send_timeout 5s;
40
41## General Options
42ignore_invalid_headers on;
43recursive_error_pages on;
44#sendfile on; # enabled by top level config
45server_name_in_redirect off;
46server_tokens off;
47
48# For per-client rate limiting, see config options at:
49# https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
50
51## Compression
52#gzip on; # enabled by top level config
53gzip_static on;
54gzip_buffers 16 32k;
55gzip_comp_level 6;
56gzip_http_version 1.0;
57gzip_min_length 500;
58gzip_types text/plain application/x-javascript text/xml text/css image/x-icon application/xml application/xml+rss text/javascript application/javascript application/json image/svg+xml font/truetype font/opentype application/vnd.ms-fontobject;
59gzip_vary on;
60gzip_proxied any; # required for cloudfront to receive a gzip'd response
61
62## Filesystem Operation Cache (caches fds, sizes, times, errors, etc)
63open_file_cache max=6000 inactive=5m;
64open_file_cache_valid 2m;
65open_file_cache_min_uses 1;
66open_file_cache_errors on;
67
68# For reading a response from disk
69output_buffers 32 32k;
70
71## Optimize Large File Transfers (can be overriden in hosts and locations)
72aio threads; # use default thread pool, create thread pools: threads=NAME;
73aio_write on; # use threaded writes for temporary files and proxied data
74
75# For files larger than 8 MB, use O_DIRECT instead of sendfile()
76directio 8m;
77directio_alignment 512; # if using XFS, set as 4096
78
79## Access Log Caches
80open_log_file_cache max=64 inactive=20s min_uses=1 valid=1m;
81
82log_format main '$remote_addr - $remote_user [$time_local] "$request" '
83 '$status $body_bytes_sent "$http_referer" '
84 '"$http_user_agent" "$http_x_forwarded_for"';
Powered by cgit v1.2.3 (git 2.41.0)