Dustin C. Hatch
388fd91096
There may be cases where we want either error logs or access logs to be sent to syslog, but not both. To support these, there are now two variables: `nginx_access_log_syslog` and `nginx_error_log_syslog`. Both use the value of the `nginx_log_syslog` variable by default, so existing users of the _nginx_ role will continue to work as before.
103 lines
3.0 KiB
Django/Jinja
103 lines
3.0 KiB
Django/Jinja
# For more information on configuration, see:
|
|
# * Official English Documentation: http://nginx.org/en/docs/
|
|
# * Official Russian Documentation: http://nginx.org/ru/docs/
|
|
|
|
user {{ nginx_user }};
|
|
worker_processes auto;
|
|
{% if nginx_error_log_file %}
|
|
error_log {{ nginx_error_log_file }};
|
|
{% endif %}
|
|
{% if nginx_error_log_syslog|bool %}
|
|
error_log syslog:server=unix:/dev/log,facility=daemon,nohostname;
|
|
{% endif %}
|
|
pid /run/nginx.pid;
|
|
|
|
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
|
|
include /usr/share/nginx/modules/*.conf;
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
http {
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
{% if nginx_access_log_file %}
|
|
access_log {{ nginx_access_log_file }} main;
|
|
{% endif %}
|
|
{% if nginx_access_log_syslog|bool %}
|
|
access_log syslog:server=unix:/dev/log,facility=daemon,nohostname main;
|
|
{% endif %}
|
|
|
|
sendfile on;
|
|
tcp_nopush on;
|
|
tcp_nodelay on;
|
|
keepalive_timeout 65;
|
|
types_hash_max_size 2048;
|
|
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
|
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
|
# for more information.
|
|
include /etc/nginx/conf.d/*.conf;
|
|
|
|
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
server_name _;
|
|
root /usr/share/nginx/html;
|
|
|
|
{% if nginx_redirect_http_https %}
|
|
return 301 https://$host$request_uri;
|
|
{% else %}
|
|
# Load configuration files for the default server block.
|
|
include /etc/nginx/default.d/*.conf;
|
|
{% endif %}
|
|
|
|
error_page 404 /404.html;
|
|
location = /40x.html {
|
|
}
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
}
|
|
}
|
|
{% if not nginx_disable_tls|d %}
|
|
|
|
# Settings for a TLS enabled server.
|
|
|
|
server {
|
|
listen 443 ssl http2 default_server;
|
|
listen [::]:443 ssl http2 default_server;
|
|
server_name _;
|
|
root /usr/share/nginx/html;
|
|
|
|
ssl_certificate "{{ nginx_ssl_certificate }}";
|
|
ssl_certificate_key "{{ nginx_ssl_certificate_key }}";
|
|
{% if nginx_ssl_ca_certificate is defined %}
|
|
ssl_client_certificate "{{ nginx_ssl_ca_certificate }}";
|
|
{% endif %}
|
|
ssl_session_cache {{ nginx_ssl_session_cache }};
|
|
ssl_session_timeout {{ nginx_ssl_session_timeout }};
|
|
ssl_ciphers {{ nginx_ssl_ciphers|join(':') }};
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
# Load configuration files for the default server block.
|
|
include /etc/nginx/default.d/*.conf;
|
|
|
|
error_page 404 /404.html;
|
|
location = /40x.html {
|
|
}
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
}
|
|
}
|
|
{% endif %}
|
|
|
|
}
|