nginx-proxy-confs: Inital commit

2026-06-27 10:42:20 -04:00 · 2020-12-11 18:12:27 +01:00
parent d1dc6e5858
commit cd4f462e8f
9 changed files with 241 additions and 47 deletions
@@ -0,0 +1,37 @@
+## Version 2020/12/11 - Changelog: https://github.com/linuxserver/docker-mods/blob/nginx-proxy-confs/root/defaults/nginx.conf
+
+server {
+	listen 80 default_server;
+	listen 443 ssl;
+	server_name _;
+
+	root /config/www;
+
+	index index.html index.htm index.php;
+
+	# enable subfolder method reverse proxy confs
+	include /config/nginx/proxy-confs/*.subfolder.conf;
+
+	ssl_certificate /config/keys/cert.crt;
+	ssl_certificate_key /config/keys/cert.key;
+
+
+	client_max_body_size 0;
+
+	location / {
+		try_files $uri $uri/ /index.html /index.php?$args =404;
+	}
+
+	location ~ \.php$ {
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_pass 127.0.0.1:9000;
+		fastcgi_index index.php;
+		include /etc/nginx/fastcgi_params;
+	}
+
+}
+
+# enable subdomain method reverse proxy confs
+include /config/nginx/proxy-confs/*.subdomain.conf;
+# enable proxy cache for auth
+proxy_cache_path cache/ keys_zone=auth_cache:10m;
@@ -0,0 +1,91 @@
+## Version 2020/12/11 - Changelog: https://github.com/linuxserver/docker-mods/blob/nginx-proxy-confs/root/defaults/nginx.conf
+
+user abc;
+worker_processes 4;
+pid /run/nginx.pid;
+include /etc/nginx/modules/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	client_body_buffer_size 128k;
+	client_max_body_size 0;
+	keepalive_timeout 65;
+	large_client_header_buffers 4 16k;
+	send_timeout 5m;
+	sendfile on;
+	tcp_nodelay on;
+	tcp_nopush on;
+	types_hash_max_size 2048;
+	variables_hash_max_size 2048;
+
+	# server_tokens off;
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /config/log/nginx/access.log;
+	error_log /config/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# nginx-naxsi config
+	##
+	# Uncomment it if you installed nginx-naxsi
+	##
+
+	#include /etc/nginx/naxsi_core.rules;
+
+	##
+	# nginx-passenger config
+	##
+	# Uncomment it if you installed nginx-passenger
+	##
+
+	#passenger_root /usr;
+	#passenger_ruby /usr/bin/ruby;
+
+	##
+	# WebSocket proxying
+	##
+	map $http_upgrade $connection_upgrade {
+		default upgrade;
+		''      close;
+	}
+
+	##
+	# Virtual Host Configs
+	##
+	include /etc/nginx/conf.d/*.conf;
+	include /config/nginx/site-confs/*;
+	lua_load_resty_core off;
+}
+
+daemon off;
@@ -0,0 +1,46 @@
+## Version 2020/12/11 - Changelog: https://github.com/linuxserver/docker-mods/blob/nginx-proxy-confs/root/defaults/ssl.conf
+
+### Mozilla Recommendations
+# generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.18.0-r0&config=intermediate&openssl=1.1.1g-r0&guideline=5.4
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+ssl_session_tickets off;
+
+# intermediate configuration
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+
+# OCSP stapling
+ssl_stapling on;
+ssl_stapling_verify on;
+
+
+### Linuxserver.io Defaults
+
+# Certificates
+ssl_certificate /config/keys/cert.crt;
+ssl_certificate_key /config/keys/cert.key;
+
+# Diffie-Hellman Parameters
+ssl_dhparam /config/nginx/dhparams.pem;
+
+# Resolver
+resolver 127.0.0.11 valid=30s; # Docker DNS Server
+
+# Enable TLS 1.3 early data
+ssl_early_data on;
+
+# HSTS, remove # from the line below to enable HSTS
+#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+# Optional additional headers
+#add_header Cache-Control "no-transform" always;
+#add_header Content-Security-Policy "upgrade-insecure-requests; frame-ancestors 'self'";
+#add_header Referrer-Policy "same-origin" always;
+#add_header X-Content-Type-Options "nosniff" always;
+#add_header X-Frame-Options "SAMEORIGIN" always;
+#add_header X-UA-Compatible "IE=Edge" always;
+#add_header X-XSS-Protection "1; mode=block" always;