Chad
4c24c30526
* Working on getting Reverse Proxy certs to work. * Upgrade mariadb to 10.6. * Checking if anything has missed a check in. * Let's Encrypt is working now after moving the location directive to the conf.d files. Unsure why nginx.conf is not passing it along, so added it to the examples too.
82 lines
2.5 KiB
Nginx Configuration File
# 2022-10-05 Hyperling
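# Worker processes run under the "nginx" account; the master process keeps
# the user it was started as.
user nginx;
# Let nginx pick the number of worker processes from the available CPU cores.
worker_processes auto;

# Record messages of severity "notice" and above.
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;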
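events {
    # Upper bound on simultaneous connections per worker process. Connections
    # opened to proxied upstreams count against this limit as well as client
    # connections.
    worker_connections 1024;
}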
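http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Access log layout. $http_x_forwarded_for is whatever the client sent in
    # its X-Forwarded-For header, so treat that field as untrusted when reading
    # logs; $remote_addr is the address of the directly connected peer.
    log_format main '$remote_addr - $remote_user [$time_local] $host "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    ## Proxy Settings ##
    # These apply to every proxied server below unless that server or location
    # defines its own proxy_set_header directives, in which case none of the
    # proxy_set_header lines here are inherited at that level.

    # Pass upstream Location/Refresh headers through unchanged.
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # X-Forwarded-For is overwritten with the connecting peer's address rather
    # than appended to, so a client-supplied value never reaches the upstream.
    # NOTE(review): if another proxy or CDN sits in front of this host, every
    # request will carry that proxy's address here - confirm the topology.
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    # NOTE(review): this sends a request header literally named
    # HTTP_AUTHORIZATION. nginx already forwards the client's Authorization
    # header to the upstream by default, and many servers and frameworks drop
    # header names that contain underscores - confirm the backend reads this.
    proxy_set_header HTTP_AUTHORIZATION $http_authorization;
    # Do not relay the upstream's X-Powered-By header to clients.
    proxy_hide_header X-Powered-By;
    # Upstream responses with status >= 300 are handed to error_page handling
    # where an error_page is defined for that status.
    proxy_intercept_errors on;
    proxy_http_version 1.1;
    # Proxy Buffer settings - See http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    # Timeouts for slow apps.
    # NOTE(review): the original note here said "up to 5 minutes", but these
    # values are in seconds, so 600 is 10 minutes; use 300 if 5 minutes was the
    # intent. The nginx documentation also states that proxy_connect_timeout
    # usually cannot exceed 75 seconds. Long send/read timeouts let slow or
    # stalled peers hold a worker connection for the whole period, so keep them
    # only as large as the slowest application needs.
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 600;

    ## LetsEncrypt Certbot Setup ##
    # Allow nginx to fulfill LetsEncrypt Certbot challenges.
    # This is not working from here, but is working from the individual conf files for some reason.
    # Have tried adding listen and server_name directives here with no change in functionality.
    #
    # Likely reason: a location belongs to the server block it is written in
    # and is not shared with other server blocks. nginx first selects one
    # server block by listen address and Host header, then looks only at that
    # block's locations. A challenge request for a proxied hostname is
    # therefore handled by that site's server block in conf.d and never
    # reaches this one, which is why the location has to be repeated (or
    # pulled in with an include) inside each site's server block. This block
    # only answers requests that match no other server.
    server {
        # "^~" stops regex locations from taking over challenge requests.
        location ^~ /.well-known/acme-challenge/ {
            default_type "text/plain";
            # Files under this directory are served to anyone who asks for the
            # matching path; keep only challenge tokens in it.
            root /etc/nginx/letsencrypt/;
        }
    }

    ## Upstream Configuration ##
    # The bare "*" glob loads every file in the directory, including editor
    # backups and disabled copies; keep stray files out of it.
    include /etc/nginx/hosts/*;

    ## Reverse Proxied Website Configurations ##
    # Same glob caveat as above: every file in conf.d is parsed as live config.
    include /etc/nginx/conf.d/*;
}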
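# TBD, going live with HTTP first.
mail {
    ## Reverse Proxied Mail Server Configurations ##
    # The include stays commented out until mail proxying is set up, so this
    # block currently defines no mail servers.
    #include /etc/nginx/mail.conf.d/*;
}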
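stream {
    ## Service Forwarding and Load Balancing ##
    # If this supports the `listen` and `server_name` directives then this may
    # be a better choice than mail{} since it will not require an auth server.
    # It could also be useful as a frontend for ssh, databases, APIs, etc.
    #
    # NOTE(review): stream server blocks accept `listen`. `server_name` in the
    # stream context exists only in newer nginx releases (1.25.5 and later
    # according to the stream core module documentation - confirm against the
    # deployed version).
    # NOTE(review): stream forwards raw TCP/UDP without looking at the
    # application protocol, so the backend sees this proxy's address as the
    # peer and nginx performs no authentication of its own. Anything published
    # here is reachable by whoever can reach the listen port; limit exposure
    # with the stream access module's allow/deny rules or a firewall.
    #
    # The bare "*" glob loads every file in the directory as live config.
    include /etc/nginx/load.conf.d/*;
}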