1 files changed, 84 insertions, 0 deletions
diff --git a/ansible/roles/nginx/files/conf.d/http.custom.conf b/ansible/roles/nginx/files/conf.d/http.custom.conf
new file mode 100644
index 0000000..5f70166
--- /dev/null
+++ b/ansible/roles/nginx/files/conf.d/http.custom.conf
@@ -0,0 +1,84 @@
+## Proxy options
+proxy_buffering           on;
+#  proxy_cache_min_uses       3;
+proxy_cache_path          /var/nginx/proxy-cache/ levels=1:2 keys_zone=cache:10m inactive=10m max_size=1000M;
+proxy_cache_valid         any 10m;
+proxy_ignore_client_abort off;
+proxy_intercept_errors    on;
+proxy_next_upstream       error timeout invalid_header;
+proxy_redirect            off;
+proxy_set_header          Host $host;
+proxy_set_header          X-Forwarded-For $remote_addr;
+proxy_connect_timeout     60;
+proxy_send_timeout        60;
+proxy_read_timeout        60;
+# We used to use this header when we ran dual http/https stacks to verify
+# user login pages were being only requested over https, but now we forward
+# every site to https, so we can assume our schemes are aligned to our interests
+# (as long as all our backend code stopped checking for X-Forwarded-Proto too).
+#proxy_set_header          X-Forwarded-Proto $scheme;
+## Size Limits
+# May need to override these (server or location blocks) if doing large uploads.
+# Setting to zero disables any size checking.
+client_body_buffer_size   16k;
+client_max_body_size      15m;
+# If clients send headers larger than 1k,
+# they get upgraded to large_client_header_buffers.
+client_header_buffer_size 1k;
+large_client_header_buffers 32 64k;
+## Timeouts
+client_body_timeout   5s;
+client_header_timeout 5s;
+keepalive_timeout     5s 5s;
+#keepalive_timeout 0;
+send_timeout          5s;
+## General Options
+ignore_invalid_headers   on;
+recursive_error_pages    on;
+#sendfile                 on; # enabled by top level config
+server_name_in_redirect off;
+server_tokens           off;
+# For per-client rate limiting, see config options at:
+# https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
+## Compression
+#gzip              on; # enabled by top level config
+gzip_static       on;
+gzip_buffers      16 32k;
+gzip_comp_level   6;
+gzip_http_version 1.0;
+gzip_min_length   500;
+gzip_types        text/plain application/x-javascript text/xml text/css image/x-icon application/xml application/xml+rss text/javascript application/javascript application/json image/svg+xml font/truetype font/opentype application/vnd.ms-fontobject;
+gzip_vary         on;
+gzip_proxied      any;  # required for cloudfront to receive a gzip'd response
+## Filesystem Operation Cache (caches fds, sizes, times, errors, etc)
+open_file_cache          max=6000 inactive=5m;
+open_file_cache_valid    2m;
+open_file_cache_min_uses 1;
+open_file_cache_errors   on;
+# For reading a response from disk
+output_buffers 32 32k;
+## Optimize Large File Transfers (can be overriden in hosts and locations)
+aio threads; # use default thread pool, create thread pools: threads=NAME;
+aio_write on; # use threaded writes for temporary files and proxied data
+# For files larger than 8 MB, use O_DIRECT instead of sendfile()
+directio 8m;
+directio_alignment 512; # if using XFS, set as 4096
+## Access Log Caches
+open_log_file_cache max=64 inactive=20s min_uses=1 valid=1m;
+log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                  '$status $body_bytes_sent "$http_referer" '
+                  '"$http_user_agent" "$http_x_forwarded_for"';

diff --git a/ansible/roles/nginx/files/conf.d/http.custom.conf b/ansible/roles/nginx/files/conf.d/http.custom.conf new file mode 100644 index 0000000..5f70166 --- /dev/null +++ b/ansible/roles/nginx/files/conf.d/http.custom.conf
@@ -0,0 +1,84 @@
	1
	2	## Proxy options
	3	proxy_buffering on;
	4	# proxy_cache_min_uses 3;
	5	proxy_cache_path /var/nginx/proxy-cache/ levels=1:2 keys_zone=cache:10m inactive=10m max_size=1000M;
	6	proxy_cache_valid any 10m;
	7	proxy_ignore_client_abort off;
	8	proxy_intercept_errors on;
	9	proxy_next_upstream error timeout invalid_header;
	10	proxy_redirect off;
	11	proxy_set_header Host $host;
	12	proxy_set_header X-Forwarded-For $remote_addr;
	13	proxy_connect_timeout 60;
	14	proxy_send_timeout 60;
	15	proxy_read_timeout 60;
	16
	17	# We used to use this header when we ran dual http/https stacks to verify
	18	# user login pages were being only requested over https, but now we forward
	19	# every site to https, so we can assume our schemes are aligned to our interests
	20	# (as long as all our backend code stopped checking for X-Forwarded-Proto too).
	21	#proxy_set_header X-Forwarded-Proto $scheme;
	22
	23	## Size Limits
	24	# May need to override these (server or location blocks) if doing large uploads.
	25	# Setting to zero disables any size checking.
	26	client_body_buffer_size 16k;
	27	client_max_body_size 15m;
	28
	29	# If clients send headers larger than 1k,
	30	# they get upgraded to large_client_header_buffers.
	31	client_header_buffer_size 1k;
	32	large_client_header_buffers 32 64k;
	33
	34	## Timeouts
	35	client_body_timeout 5s;
	36	client_header_timeout 5s;
	37	keepalive_timeout 5s 5s;
	38	#keepalive_timeout 0;
	39	send_timeout 5s;
	40
	41	## General Options
	42	ignore_invalid_headers on;
	43	recursive_error_pages on;
	44	#sendfile on; # enabled by top level config
	45	server_name_in_redirect off;
	46	server_tokens off;
	47
	48	# For per-client rate limiting, see config options at:
	49	# https://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
	50
	51	## Compression
	52	#gzip on; # enabled by top level config
	53	gzip_static on;
	54	gzip_buffers 16 32k;
	55	gzip_comp_level 6;
	56	gzip_http_version 1.0;
	57	gzip_min_length 500;
	58	gzip_types text/plain application/x-javascript text/xml text/css image/x-icon application/xml application/xml+rss text/javascript application/javascript application/json image/svg+xml font/truetype font/opentype application/vnd.ms-fontobject;
	59	gzip_vary on;
	60	gzip_proxied any; # required for cloudfront to receive a gzip'd response
	61
	62	## Filesystem Operation Cache (caches fds, sizes, times, errors, etc)
	63	open_file_cache max=6000 inactive=5m;
	64	open_file_cache_valid 2m;
	65	open_file_cache_min_uses 1;
	66	open_file_cache_errors on;
	67
	68	# For reading a response from disk
	69	output_buffers 32 32k;
	70
	71	## Optimize Large File Transfers (can be overriden in hosts and locations)
	72	aio threads; # use default thread pool, create thread pools: threads=NAME;
	73	aio_write on; # use threaded writes for temporary files and proxied data
	74
	75	# For files larger than 8 MB, use O_DIRECT instead of sendfile()
	76	directio 8m;
	77	directio_alignment 512; # if using XFS, set as 4096
	78
	79	## Access Log Caches
	80	open_log_file_cache max=64 inactive=20s min_uses=1 valid=1m;
	81
	82	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	83	'$status $body_bytes_sent "$http_referer" '
	84	'"$http_user_agent" "$http_x_forwarded_for"';