fossilfranv/nginx_docker-swag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use standard nginx.conf from lsio alpine nginx base image

Browse Source
This commit is contained in:
Eric Nemchik 2021-10-14 14:01:48 -05:00
parent ed3402fe51
commit dfd7ca4b4b
3 changed files with 1 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
readme-vars.yml
View File

@ -155,6 +155,7 @@ app_setup_nginx_reverse_proxy_block: ""
# changelog
changelogs:
- { date: "14.10.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf - Use standard nginx.conf from lsio alpine nginx base image." }
- { date: "12.10.21:", desc: "Fix deprecated LE root cert check to fix failures when using `STAGING=true`, and failures in revoking." }
- { date: "06.10.21:", desc: "Added support for Hurricane Electric (HE) DNS validation. Added lxml build deps." }
- { date: "01.10.21:", desc: "Check if the cert uses the old LE root cert, revoke and regenerate if necessary. [Here's more info](https://twitter.com/letsencrypt/status/1443621997288767491) on LE root cert expiration" }

150
root/defaults/nginx.conf
View File

@ -1,150 +0,0 @@
## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
user abc;
# Set number of worker processes automatically based on number of CPU cores.
include /config/nginx/worker_processes.conf;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;
# Configures default error logger.
error_log /config/log/nginx/error.log;
# Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf;
events {
# The maximum number of simultaneous connections that can be opened by
# a worker process.
worker_connections 1024;
# multi_accept on;
}
http {
# Includes mapping of file name extensions to MIME types of responses
# and defines the default type.
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Name servers used to resolve names of upstream servers into addresses.
# It's also needed when using tcpsocket and udpsocket in Lua modules.
#resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
include /config/nginx/resolver.conf;
# Don't tell nginx version to the clients. Default is 'on'.
server_tokens off;
# Specifies the maximum accepted body size of a client request, as
# indicated by the request header Content-Length. If the stated content
# length is greater than this size, then the client receives the HTTP
# error code 413. Set to 0 to disable. Default is '1m'.
client_max_body_size 0;
# Sendfile copies data between one FD and other from within the kernel,
# which is more efficient than read() + write(). Default is off.
sendfile on;
# Causes nginx to attempt to send its HTTP response head in one packet,
# instead of using partial frames. Default is 'off'.
tcp_nopush on;
# Helper variable for proxying websockets.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Sets the path, format, and configuration for a buffered log write.
access_log /config/log/nginx/access.log;
# Includes virtual hosts configs.
#include /etc/nginx/http.d/*.conf;
# WARNING: Don't use this directory for virtual hosts anymore.
# This include will be moved to the root context in Alpine 3.14.
#include /etc/nginx/conf.d/*.conf;
##
# Basic Settings
##
client_body_buffer_size 128k;
keepalive_timeout 65;
large_client_header_buffers 4 16k;
send_timeout 5m;
tcp_nodelay on;
types_hash_max_size 2048;
variables_hash_max_size 2048;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
#include /etc/nginx/naxsi_core.rules;
##
# nginx-passenger config
##
# Uncomment it if you installed nginx-passenger
##
#passenger_root /usr;
#passenger_ruby /usr/bin/ruby;
##
# Virtual Host Configs
##
include /config/nginx/site-confs/*;
#Removed lua. Do not remove this comment
##
# Geoip2 config
##
# Uncomment to add the Geoip2 configs needed to geo block countries/cities.
##
#include /config/nginx/geoip2.conf;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
daemon off;
pid /run/nginx.pid;

31
root/etc/cont-init.d/50-config
View File

@ -68,8 +68,6 @@ cp /config/fail2ban/jail.local /etc/fail2ban/jail.local
cp /etc/crontabs/root /config/crontabs/
[[ ! -f /config/nginx/proxy.conf ]] && \
cp /defaults/proxy.conf /config/nginx/proxy.conf
[[ ! -f /config/nginx/ssl.conf ]] && \
cp /defaults/ssl.conf /config/nginx/ssl.conf
[[ ! -f /config/nginx/ldap.conf ]] && \
cp /defaults/ldap.conf /config/nginx/ldap.conf
[[ ! -f /config/nginx/authelia-server.conf ]] && \
@ -81,28 +79,6 @@ cp /config/fail2ban/jail.local /etc/fail2ban/jail.local
[[ ! -f /config/www/502.html ]] &&
cp /defaults/502.html /config/www/502.html
# Set resolver, ignore ipv6 addresses
if ! grep -q 'resolver' /config/nginx/resolver.conf; then
RESOLVERRAW=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)
for i in ${RESOLVERRAW}; do
if [ $(awk -F ':' '{print NF-1}' <<< ${i}) -le 2 ]; then
RESOLVER="${RESOLVER} ${i}"
fi
done
if [ -z "${RESOLVER}" ]; then
RESOLVER="127.0.0.11"
fi
echo "Setting resolver to ${RESOLVER}"
echo -e "# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\nresolver ${RESOLVER} valid=30s;" > /config/nginx/resolver.conf
fi
# Set worker_processes
if ! grep -q 'worker_processes' /config/nginx/worker_processes.conf; then
WORKER_PROCESSES=$(nproc)
echo "Setting worker_processes to ${WORKER_PROCESSES}"
echo -e "# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.\n\nworker_processes ${WORKER_PROCESSES};" > /config/nginx/worker_processes.conf
fi
# remove lua bits from nginx.conf if not done before
if ! grep -q '#Removed lua' /config/nginx/nginx.conf; then
echo "Removing lua specific info from nginx.conf"
@ -114,13 +90,6 @@ if ! grep -q 'if ($request_uri ~' /config/nginx/authelia-server.conf; then
sed -i '/internal;/a \ \ \ \ if ($request_uri ~ [^a-zA-Z0-9_+-=\\!@$%&*?~.:#'\''\\;\\(\\)\\[\\]]) { return 401; }' /config/nginx/authelia-server.conf
fi
# copy pre-generated dhparams or generate if needed
[[ ! -f /config/nginx/dhparams.pem ]] && \
cp /defaults/dhparams.pem /config/nginx/dhparams.pem
if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
curl -o /config/nginx/dhparams.pem -L "https://ssl-config.mozilla.org/ffdhe4096.txt"
fi
# check to make sure DNSPLUGIN is selected if dns validation is used
[[ "$VALIDATION" = "dns" ]] && [[ ! "$DNSPLUGIN" =~ ^(aliyun|cloudflare|cloudxns|cpanel|digitalocean|directadmin|dnsimple|dnsmadeeasy|domeneshop|gandi|gehirn|google|hetzner|inwx|ionos|linode|luadns|netcup|njalla|nsone|ovh|rfc2136|route53|sakuracloud|transip|vultr)$ ]] && \
echo "Please set the DNSPLUGIN variable to a valid plugin name. See docker info for more details." && \