116 lines
3.8 KiB
Nginx Configuration File
116 lines
3.8 KiB
Nginx Configuration File
# nginx.conf -- docker-openresty
|
|
#
|
|
# This file is installed to:
|
|
# `/usr/local/openresty/nginx/conf/nginx.conf`
|
|
# and is the file loaded by nginx at startup,
|
|
# unless the user specifies otherwise.
|
|
#
|
|
# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
|
|
# section and adds this directive:
|
|
# `include /etc/nginx/conf.d/*.conf;`
|
|
#
|
|
# The `docker-openresty` file `nginx.vh.default.conf` is copied to
|
|
# `/etc/nginx/conf.d/default.conf`. It contains the `server section
|
|
# of the upstream `nginx.conf`.
|
|
#
|
|
# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
|
|
#
|
|
|
|
#user nobody;
|
|
#worker_processes 1;
|
|
|
|
# Enables the use of JIT for regular expressions to speed-up their processing.
|
|
pcre_jit on;
|
|
|
|
|
|
|
|
#error_log logs/error.log;
|
|
#error_log logs/error.log notice;
|
|
#error_log logs/error.log info;
|
|
|
|
#pid logs/nginx.pid;
|
|
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
|
|
http {
|
|
include mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
# Enables or disables the use of underscores in client request header fields.
|
|
# When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive.
|
|
# underscores_in_headers off;
|
|
|
|
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
# '$status $body_bytes_sent "$http_referer" '
|
|
# '"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
#access_log logs/access.log main;
|
|
|
|
# Log in JSON Format
|
|
# log_format nginxlog_json escape=json '{ "timestamp": "$time_iso8601", '
|
|
# '"remote_addr": "$remote_addr", '
|
|
# '"body_bytes_sent": $body_bytes_sent, '
|
|
# '"request_time": $request_time, '
|
|
# '"response_status": $status, '
|
|
# '"request": "$request", '
|
|
# '"request_method": "$request_method", '
|
|
# '"host": "$host",'
|
|
# '"upstream_addr": "$upstream_addr",'
|
|
# '"http_x_forwarded_for": "$http_x_forwarded_for",'
|
|
# '"http_referrer": "$http_referer", '
|
|
# '"http_user_agent": "$http_user_agent", '
|
|
# '"http_version": "$server_protocol", '
|
|
# '"nginx_access": true }';
|
|
# access_log /dev/stdout nginxlog_json;
|
|
|
|
# See Move default writable paths to a dedicated directory (#119)
|
|
# https://github.com/openresty/docker-openresty/issues/119
|
|
client_body_temp_path /var/run/openresty/nginx-client-body;
|
|
proxy_temp_path /var/run/openresty/nginx-proxy;
|
|
fastcgi_temp_path /var/run/openresty/nginx-fastcgi;
|
|
uwsgi_temp_path /var/run/openresty/nginx-uwsgi;
|
|
scgi_temp_path /var/run/openresty/nginx-scgi;
|
|
|
|
sendfile on;
|
|
#tcp_nopush on;
|
|
|
|
#keepalive_timeout 0;
|
|
keepalive_timeout 65;
|
|
|
|
#gzip on;
|
|
# The "auto_ssl" shared dict should be defined with enough storage space to
|
|
# hold your certificate data. 1MB of storage holds certificates for
|
|
# approximately 100 separate domains.
|
|
lua_shared_dict auto_ssl 1m;
|
|
# The "auto_ssl_settings" shared dict is used to temporarily store various settings
|
|
# like the secret used by the hook server on port 8999. Do not change or
|
|
# omit it.
|
|
lua_shared_dict auto_ssl_settings 64k;
|
|
|
|
# Initial setup tasks.
|
|
init_by_lua_block {
|
|
auto_ssl = (require "resty.auto-ssl").new()
|
|
|
|
-- Define a function to determine which SNI domains to automatically handle
|
|
-- and register new certificates for. Defaults to not allowing any domains,
|
|
-- so this must be configured.
|
|
auto_ssl:set("allow_domain", function(domain)
|
|
return true
|
|
end)
|
|
|
|
auto_ssl:init()
|
|
}
|
|
|
|
init_worker_by_lua_block {
|
|
auto_ssl:init_worker()
|
|
}
|
|
include /etc/nginx/conf.d/*.conf;
|
|
|
|
# Don't reveal OpenResty version to clients.
|
|
# server_tokens off;
|
|
}
|