Use standard nginx.conf from lsio alpine nginx base image

readme-vars.yml

@@ -155,6 +155,7 @@ app_setup_nginx_reverse_proxy_block: ""
 
 # changelog
 changelogs:
+  - { date: "14.10.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf - Use standard nginx.conf from lsio alpine nginx base image." }
   - { date: "12.10.21:", desc: "Fix deprecated LE root cert check to fix failures when using `STAGING=true`, and failures in revoking." }
   - { date: "06.10.21:", desc: "Added support for Hurricane Electric (HE) DNS validation. Added lxml build deps." }
   - { date: "01.10.21:", desc: "Check if the cert uses the old LE root cert, revoke and regenerate if necessary. [Here's more info](https://twitter.com/letsencrypt/status/1443621997288767491) on LE root cert expiration" }

root/defaults/nginx.conf

@@ -1,150 +0,0 @@
-## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
-
-user abc;
-
-# Set number of worker processes automatically based on number of CPU cores.
-include /config/nginx/worker_processes.conf;
-
-# Enables the use of JIT for regular expressions to speed-up their processing.
-pcre_jit on;
-
-# Configures default error logger.
-error_log /config/log/nginx/error.log;
-
-# Includes files with directives to load dynamic modules.
-include /etc/nginx/modules/*.conf;
-
-events {
-    # The maximum number of simultaneous connections that can be opened by
-    # a worker process.
-    worker_connections 1024;
-    # multi_accept on;
-}
-
-http {
-    # Includes mapping of file name extensions to MIME types of responses
-    # and defines the default type.
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    # Name servers used to resolve names of upstream servers into addresses.
-    # It's also needed when using tcpsocket and udpsocket in Lua modules.
-    #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
-    include /config/nginx/resolver.conf;
-
-    # Don't tell nginx version to the clients. Default is 'on'.
-    server_tokens off;
-
-    # Specifies the maximum accepted body size of a client request, as
-    # indicated by the request header Content-Length. If the stated content
-    # length is greater than this size, then the client receives the HTTP
-    # error code 413. Set to 0 to disable. Default is '1m'.
-    client_max_body_size 0;
-
-    # Sendfile copies data between one FD and other from within the kernel,
-    # which is more efficient than read() + write(). Default is off.
-    sendfile on;
-
-    # Causes nginx to attempt to send its HTTP response head in one packet,
-    # instead of using partial frames. Default is 'off'.
-    tcp_nopush on;
-
-    # Helper variable for proxying websockets.
-    map $http_upgrade $connection_upgrade {
-        default upgrade;
-        '' close;
-    }
-
-    # Sets the path, format, and configuration for a buffered log write.
-    access_log /config/log/nginx/access.log;
-
-    # Includes virtual hosts configs.
-    #include /etc/nginx/http.d/*.conf;
-
-    # WARNING: Don't use this directory for virtual hosts anymore.
-    # This include will be moved to the root context in Alpine 3.14.
-    #include /etc/nginx/conf.d/*.conf;
-
-
-    ##
-    # Basic Settings
-    ##
-
-    client_body_buffer_size 128k;
-    keepalive_timeout 65;
-    large_client_header_buffers 4 16k;
-    send_timeout 5m;
-    tcp_nodelay on;
-    types_hash_max_size 2048;
-    variables_hash_max_size 2048;
-    # server_names_hash_bucket_size 64;
-    # server_name_in_redirect off;
-
-    ##
-    # Gzip Settings
-    ##
-
-    gzip on;
-    gzip_disable "msie6";
-    # gzip_vary on;
-    # gzip_proxied any;
-    # gzip_comp_level 6;
-    # gzip_buffers 16 8k;
-    # gzip_http_version 1.1;
-    # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-
-    ##
-    # nginx-naxsi config
-    ##
-    # Uncomment it if you installed nginx-naxsi
-    ##
-
-    #include /etc/nginx/naxsi_core.rules;
-
-    ##
-    # nginx-passenger config
-    ##
-    # Uncomment it if you installed nginx-passenger
-    ##
-
-    #passenger_root /usr;
-    #passenger_ruby /usr/bin/ruby;
-
-    ##
-    # Virtual Host Configs
-    ##
-    include /config/nginx/site-confs/*;
-    #Removed lua. Do not remove this comment
-
-    ##
-    # Geoip2 config
-    ##
-    # Uncomment to add the Geoip2 configs needed to geo block countries/cities.
-    ##
-
-    #include /config/nginx/geoip2.conf;
-}
-
-#mail {
-#    # See sample authentication script at:
-#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-#
-#    # auth_http localhost/auth.php;
-#    # pop3_capabilities "TOP" "USER";
-#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
-#
-#    server {
-#        listen     localhost:110;
-#        protocol   pop3;
-#        proxy      on;
-#    }
-#
-#    server {
-#        listen     localhost:143;
-#        protocol   imap;
-#        proxy      on;
-#    }
-#}
-
-daemon off;
-pid /run/nginx.pid;

root/etc/cont-init.d/50-config

@@ -68,8 +68,6 @@ cp /config/fail2ban/jail.local /etc/fail2ban/jail.local
     cp /etc/crontabs/root /config/crontabs/
 [[ ! -f /config/nginx/proxy.conf ]] && \
     cp /defaults/proxy.conf /config/nginx/proxy.conf
-[[ ! -f /config/nginx/ssl.conf ]] && \
-    cp /defaults/ssl.conf /config/nginx/ssl.conf
 [[ ! -f /config/nginx/ldap.conf ]] && \
     cp /defaults/ldap.conf /config/nginx/ldap.conf
 [[ ! -f /config/nginx/authelia-server.conf ]] && \
@@ -81,28 +79,6 @@ cp /config/fail2ban/jail.local /etc/fail2ban/jail.local
 [[ ! -f /config/www/502.html ]] &&
     cp /defaults/502.html /config/www/502.html
 
-# Set resolver, ignore ipv6 addresses
-if ! grep -q 'resolver' /config/nginx/resolver.conf; then
-    RESOLVERRAW=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)
-    for i in ${RESOLVERRAW}; do
-        if [ $(awk -F ':' '{print NF-1}' <<< ${i}) -le 2 ]; then
-            RESOLVER="${RESOLVER} ${i}"
-        fi
-    done
-    if [ -z "${RESOLVER}" ]; then
-        RESOLVER="127.0.0.11"
-    fi
-    echo "Setting resolver to ${RESOLVER}"
-    echo -e "# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\nresolver ${RESOLVER} valid=30s;" > /config/nginx/resolver.conf
-fi
-
-# Set worker_processes
-if ! grep -q 'worker_processes' /config/nginx/worker_processes.conf; then
-    WORKER_PROCESSES=$(nproc)
-    echo "Setting worker_processes to ${WORKER_PROCESSES}"
-    echo -e "# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.\n\nworker_processes ${WORKER_PROCESSES};" > /config/nginx/worker_processes.conf
-fi
-
 # remove lua bits from nginx.conf if not done before
 if ! grep -q '#Removed lua' /config/nginx/nginx.conf; then
     echo "Removing lua specific info from nginx.conf"
@@ -114,13 +90,6 @@ if ! grep -q 'if ($request_uri ~' /config/nginx/authelia-server.conf; then
     sed -i '/internal;/a \ \ \ \ if ($request_uri ~ [^a-zA-Z0-9_+-=\\!@$%&*?~.:#'\''\\;\\(\\)\\[\\]]) { return 401; }' /config/nginx/authelia-server.conf
 fi
 
-# copy pre-generated dhparams or generate if needed
-[[ ! -f /config/nginx/dhparams.pem ]] && \
-    cp /defaults/dhparams.pem /config/nginx/dhparams.pem
-if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
-    curl -o /config/nginx/dhparams.pem -L "https://ssl-config.mozilla.org/ffdhe4096.txt"
-fi
-
 # check to make sure DNSPLUGIN is selected if dns validation is used
 [[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|directadmin|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|hetzner|inwx|ionos|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip|vultr)$ ]] && \
     echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \