pleb/ansible-role-strfry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove http2 because it probably provides absolutely no benefit for a nostr client.

Browse Source
This commit is contained in:
Brian Lee 2023-07-30 19:57:29 -07:00
parent 18884a4efb
commit f7d7a58f74
1 changed files with 93 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
docs/examples/nginx_conf.yml
View File

@ -1,8 +1,48 @@
---
- name: strfry | Configure nginx
ansible.builtin.import_role:
name: nginxinc.nginx_core.nginx_config
name: nginx_core.nginx_config
vars:
# afaict, overriding any numeric values in the main nginx config requires replacing the entire dictionary.
# See: https://github.com/nginxinc/ansible-role-nginx-config/issues/352
# The only difference between this and the main nginx config is the worker_rlimit_nofile value and worker_connections.
nginx_config_main_template_enable: true
nginx_config_main_template:
template_file: nginx.conf.j2
deployment_location: /etc/nginx/nginx.conf
backup: false
config: # https://nginx.org/en/docs/ngx_core_module.html
main:
user:
username: nginx
group: nginx
worker_processes: auto
error_log:
file: /var/log/nginx/error.log
level: notice
pid: /var/run/nginx.pid
# worker_rlimit_nofile changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes.
# Used to increase the limit without restarting the main process.
# The recomended value seems to be worker_connections * 2
worker_rlimit_nofile: 12288
events:
worker_connections: 4096
# include: # String or a list of strings
# - /etc/nginx/modules.conf
http: # https://nginx.org/en/docs/http/ngx_http_core_module.html
default_type: application/octet-stream
sendfile: true
server_tokens: false
tcp_nodelay: true
tcp_nopush: true
include:
- /etc/nginx/mime.types
- /etc/nginx/http.conf # These are shared http level configs that nginx_conf refuses to directly configure.
- /etc/nginx/conf.d/*.conf
nginx_config_http_template_enable: true
nginx_config_http_template:
- template_file: http/default.conf.j2
@ -20,8 +60,9 @@
- address: "{{ default_interface_ipv4_address|default(ansible_default_ipv4.address) }}:{{ nginx_strfry_https_port|default(443) }} ssl"
include:
- "/etc/nginx/acme_{{ nginx_strfry_domain }}.conf"
- /etc/nginx/enable_http2.conf
client_max_body_size: 0 # Stream request body to backend
http2:
enable: true
locations:
- location: /
proxy:
@ -39,3 +80,53 @@
connect_timeout: 3m
send_timeout: 3m
read_timeout: 3m
- template_file: http/default.conf.j2
deployment_location: /etc/nginx/http.conf
backup: false
config:
core:
default_type: application/octet-stream
sendfile: true
server_tokens: false
tcp_nodelay: true
tcp_nopush: true
resolver: # required for oscp stapling
address:
- '1.1.1.1'
- '8.8.8.8'
resolver_timeout: 10s
log:
format:
- name: main
format: |
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$realip_remote_addr"'
gzip: # https://nginx.org/en/docs/http/ngx_http_gzip_module.html
enable: true
comp_level: 3
disable: "msie6"
min_length: 1100
proxied: any
types:
- text/plain
- text/css
- application/x-javascript
- text/xml
- application/xml
vary: true
- template_file: http/default.conf.j2
deployment_location: "/etc/nginx/conf.d/mappings.conf"
backup: false
config:
map:
mappings: # https://nginx.org/en/docs/http/websocket.html
- string: $http_upgrade
variable: $connection_upgrade
content:
- value: default
new_value: upgrade
- value: "''"
new_value: close