Filip Pytloun6b5bb652015-10-06 16:28:32 +02001
Aleš Komárek296a8442017-04-11 13:22:35 +02002=============
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +03003Usage
Aleš Komárek296a8442017-04-11 13:22:35 +02004=============
Filip Pytloun6b5bb652015-10-06 16:28:32 +02005
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +03006Nginx is an open source reverse proxy server for HTTP, HTTPS,
7SMTP, POP3, and IMAP protocols, as well as a load balancer,
8HTTP cache, and a web server (origin server). The nginx project
9started with a strong focus on high concurrency, high performance
10and low memory usage.
Filip Pytloun6b5bb652015-10-06 16:28:32 +020011
Aleš Komárek296a8442017-04-11 13:22:35 +020012Sample Pillars
Filip Pytloun6b5bb652015-10-06 16:28:32 +020013==============
14
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +030015Gitlab server setup:
Filip Pytloun6b5bb652015-10-06 16:28:32 +020016
17.. code-block:: yaml
18
19 nginx:
20 server:
21 enabled: true
22 bind:
23 address: '0.0.0.0'
24 ports:
25 - 80
26 site:
27 gitlab_domain:
28 enabled: true
29 type: gitlab
30 name: domain
31 ssl:
32 enabled: true
33 key: |
34 -----BEGIN RSA PRIVATE KEY-----
35 ...
36 cert: |
37 xyz
38 chain: |
39 my_chain..
40 host:
41 name: gitlab.domain.com
42 port: 80
43
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +030044Simple static HTTP site:
Filip Pytloun6b5bb652015-10-06 16:28:32 +020045
46.. code-block:: yaml
47
48 nginx:
49 server:
50 site:
51 nginx_static_site01:
52 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +020053 type: nginx_static
Filip Pytloun6b5bb652015-10-06 16:28:32 +020054 name: site01
55 host:
56 name: gitlab.domain.com
57 port: 80
58
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +030059Simple load balancer:
Dmitry Stremkovskiy52145c62017-08-21 23:42:17 +030060
61.. code-block:: yaml
62
63 nginx:
64 server:
65 upstream:
66 horizon-upstream:
67 backend1:
68 address: 10.10.10.113
69 port: 8078
70 opts: weight=3
71 backend2:
72 address: 10.10.10.114
73 site:
74 nginx_proxy_openstack_web:
75 enabled: true
76 type: nginx_proxy
77 name: openstack_web
78 proxy:
79 upstream_proxy_pass: http://horizon-upstream
80 host:
81 name: 192.168.0.1
82 port: 31337
83
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +030084Static site with access policy:
Adam Tenglere7746cb2016-04-27 19:01:25 +020085
86.. code-block:: yaml
87
88 nginx:
89 server:
90 site:
91 nginx_static_site01:
92 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +020093 type: nginx_static
Adam Tenglere7746cb2016-04-27 19:01:25 +020094 name: site01
95 access_policy:
96 allow:
97 - 192.168.1.1/24
98 - 127.0.0.1
99 deny:
100 - 192.168.1.2
101 - all
102 host:
103 name: gitlab.domain.com
104 port: 80
105
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +0300106Simple TCP/UDP proxy:
Dmitry Stremkovskiy6484afa2017-08-22 17:07:06 +0300107
108.. code-block:: yaml
109
110 nginx:
111 server:
112 stream:
113 rabbitmq:
114 host:
115 port: 5672
116 backend:
117 server1:
118 address: 10.10.10.113
119 port: 5672
120 least_conn: true
121 hash: "$remote_addr consistent"
122 unbound:
123 host:
124 bind: 127.0.0.1
125 port: 53
126 protocol: udp
127 backend:
128 server1:
129 address: 10.10.10.113
130 port: 5353
131
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +0300132Simple HTTP proxy:
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200133
134.. code-block:: yaml
135
136 nginx:
137 server:
138 site:
139 nginx_proxy_site01:
140 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +0200141 type: nginx_proxy
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200142 name: site01
143 proxy:
144 host: local.domain.com
145 port: 80
146 protocol: http
147 host:
148 name: gitlab.domain.com
149 port: 80
150
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +0300151Simple HTTP proxy with multiple locations:
152
153.. note:: If proxy part is defined and location is missing ``/``,
154 the proxy part is used. If the ``/`` location is defined,
155 it overrides the proxy part.
Jakub Josef83f7acf2018-04-09 16:05:49 +0200156
157.. code-block:: yaml
158
159 nginx:
160 server:
161 site:
162 nginx_proxy_site01:
163 enabled: true
164 type: nginx_proxy
165 name: site01
166 proxy:
167 host: local.domain.com
168 port: 80
169 protocol: http
170 location:
171 /internal/:
172 host: 172.120.10.200
173 port: 80
174 protocol: http
175 /doc/:
176 host: 172.10.10.200
177 port: 80
178 protocol: http
179 host:
180 name: gitlab.domain.com
181 port: 80
182
183.. code-block:: yaml
184
185 nginx:
186 server:
187 site:
188 nginx_proxy_site01:
189 enabled: true
190 type: nginx_proxy
191 name: site01
192 location:
193 /:
194 host: 172.120.10.200
195 port: 80
196 protocol: http
197 /doc/:
198 host: 172.10.10.200
199 port: 80
200 protocol: http
201 host:
202 name: gitlab.domain.com
203 port: 80
204
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +0300205Simple Websocket proxy:
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200206
207.. code-block:: yaml
208
209 nginx:
210 server:
211 site:
212 nginx_proxy_site02:
213 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +0200214 type: nginx_proxy
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200215 name: site02
216 proxy:
217 websocket: true
218 host: local.domain.com
219 port: 80
220 protocol: http
221 host:
222 name: gitlab.domain.com
223 port: 80
224
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +0300225Content filtering proxy:
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200226
227.. code-block:: yaml
228
229 nginx:
230 server:
231 enabled: true
232 site:
233 nginx_proxy_site03:
234 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +0200235 type: nginx_proxy
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200236 name: site03
237 proxy:
238 host: local.domain.com
239 port: 80
240 protocol: http
241 filter:
242 search: https://www.domain.com
243 replace: http://10.10.10.10
244 host:
245 name: gitlab.domain.com
246 port: 80
247
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +0300248Proxy with access policy:
Adam Tenglere7746cb2016-04-27 19:01:25 +0200249
250.. code-block:: yaml
251
252 nginx:
253 server:
254 site:
255 nginx_proxy_site01:
256 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +0200257 type: nginx_proxy
Adam Tenglere7746cb2016-04-27 19:01:25 +0200258 name: site01
259 access_policy:
260 allow:
261 - 192.168.1.1/24
262 - 127.0.0.1
263 deny:
264 - 192.168.1.2
265 - all
266 proxy:
267 host: local.domain.com
268 port: 80
269 protocol: http
270 host:
271 name: gitlab.domain.com
272 port: 80
273
Taras Khlivnyak4948b0a2022-05-13 16:03:27 +0300274Location with access policy:
275
.. note:: If a location defines its own access_policy, it overrides
   the site-level access_policy for that location.
278
279.. code-block:: yaml
280
281 nginx:
282 server:
283 site:
284 nginx_proxy_site01:
285 enabled: true
286 type: nginx_proxy
287 name: site01
288 access_policy:
289 allow:
290 - 192.168.1.1/24
291 - 127.0.0.1
292 deny:
293 - 192.168.1.2
294 - all
295 proxy:
296 host: local.domain.com
297 port: 80
298 protocol: http
299 location:
300 /internal/:
301 host: 172.120.10.200
302 port: 80
303 protocol: http
304 /restricted/:
305 host: 172.10.10.200
306 port: 80
307 protocol: http
308 access_policy:
309 allow:
310 - 10.10.10.0/24
311 - 127.0.0.1
312 deny:
313 - all
314 host:
315 name: gitlab.domain.com
316 port: 80
317
318
319
Use the nginx `ngx_http_map_module` module that creates variables whose values
depend on the values of other variables.
Michel Nederlofeb5dd232018-03-13 13:57:34 +0100322
323.. code-block:: yaml
324
Vasyl Saienkoc14eca22018-12-07 09:46:17 +0000325 nginx:
326 server:
327 enabled: true
328 map:
329 enabled: true
330 items:
331 mymap:
332 enabled: true
333 string: input_string
334 variable: output_map_variable
335 body:
336 default:
337 value: '""'
338 example.com:
339 value: '1'
340 example.org:
341 value: '2'
342
Use the nginx `ngx_http_geo_module` module that creates variables with values
depending on the client IP address.
345
346.. code-block:: yaml
347
    nginx:
      server:
        enabled: true
        geo:
          enabled: true
          items:
            my_geo_map:
              enabled: true
              variable: output_get_variable
              body:
                default:
                  value: '""'
                cl1:
                  name: 10.12.100.1/32
                  value: '1'
                cl2:
                  name: 10.13.0.0/16
                  value: '2'
366
Use the `ngx_http_limit_req_module` module to limit the request
processing rate per defined key, in particular the processing rate of
requests coming from a single IP address. The limitation is done using
the `leaky bucket` method.
The `limit_req_module` might be configured globally or applied to a specific
nginx site.
373
374.. code-block:: yaml
375
376 nginx:
377 server:
378 limit_req_module:
379 limit_req_zone:
380 global_limit_ip_zone:
381 key: global_limit_ip_var
382 size: 10m
383 rate: '1r/s'
384 limit_req_status: 503
385 limit_req:
386 global_limit_zone:
387 burst: 5
388 enabled: true
389
The following example limits requests to all sites based on IP:
all clients except 10.12.100.1 are limited to 1 request per second.
393
#. Create a geo instance that matches the client IP and sets the
   `ip_limit_key` variable: "0" is unlimited, "1" is limited.
396
397#. Create a `global_geo_limiting_map` that will map `ip_limit_key` to
398 `ip_limit_action`
399
400#. Create global `limit_req_zone` called `global_limit_zone` that limits
401 number of requests to 1r/s
402
403#. Apply `global_limit_zone` globally to all requests with 5 req burst.
404
405.. code-block:: yaml
406
407 nginx:
408 server:
409 enabled: true
410 geo:
411 enabled: true
412 items:
413 global_geo_limiting:
414 enabled: true
415 variable: ip_limit_key
416 body:
417 default:
418 value: '1'
419 unlimited_client1:
420 name: '10.12.100.1/32'
421 value: '0'
422 map:
423 enabled: true
424 items:
425 global_geo_limiting_map:
426 enabled: true
427 string: ip_limit_key
428 variable: ip_limit_action
429 body:
430 limited:
431 name: 1
432 value: '$binary_remote_addr'
433 unlimited:
434 name: 0
435 value: '""'
436 limit_req_module:
437 limit_req_zone:
438 global_limit_zone:
439 key: ip_limit_action
440 size: 10m
441 rate: '1r/s'
442 limit_req_status: 503
443 limit_req:
444 global_limit_zone:
445 burst: 5
446 enabled: true
447
To apply request limiting to a particular site only, `limit_req` should be
applied at the site level, for example:
450
451.. code-block:: yaml
452
Michel Nederlofeb5dd232018-03-13 13:57:34 +0100453 nginx:
454 server:
455 site:
Vasyl Saienkoc14eca22018-12-07 09:46:17 +0000456 nginx_proxy_openstack_api_keystone:
457 limit_req_module:
458 limit_req:
459 global_limit_zone:
460 burst: 5
461 enabled: true
462
To apply request limiting to a particular location of a particular site,
`limit` should be applied at the location level. Note that the location
level overrides the site level. Two methods are supported:

- By IP
- By HTTP request method (get, post, ...)

For example:
469
470.. code-block:: yaml
471
472 nginx:
473 server:
474 site:
475 nginx_proxy_openstack_api_keystone:
476 location:
477 /some_location/:
478 limit:
479 enabled: true
480 methods:
481 ip:
482 enabled: True
483 get:
484 enabled: True
485 rate: 120r/s
486 burst: 600
487 size: 20m
488 nodelay: True
489 post:
490 enabled: True
491 rate: 50r/m
492 burst: 80
Michel Nederlofeb5dd232018-03-13 13:57:34 +0100493
Use the `ngx_http_limit_conn_module` module to set the shared memory
zone and the maximum allowed number of connections for a given key value.
The `limit_conn_module` might be configured globally or applied to a specific
nginx site.
498
499.. code-block:: yaml
500
501 nginx:
502 server:
503 limit_conn_module:
504 limit_conn_zone:
505 global_limit_conn_zone:
506 key: 'binary_remote_addr'
507 size: 10m
508 limit_conn_status: 503
509 limit_conn:
510 global_limit_conn_zone:
511 connection: 50
512 enabled: true
513
514
To apply connection limiting to a particular site only, `limit_conn` should be
applied at the site level, for example:
517
518.. code-block:: yaml
519
520 nginx:
521 server:
522 site:
523 nginx_proxy_openstack_web:
524 limit_conn_module:
525 limit_conn:
526 global_limit_conn_zone:
527 connections: 25
528 enabled: true
529
Gitlab server with users for basic auth (the passwords are supplied in
plaintext in the pillar, so treat the pillar as sensitive data):
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200531
532.. code-block:: yaml
533
534 nginx:
535 server:
536 enabled: true
537 user:
538 username1:
539 enabled: true
540 password: magicunicorn
541 htpasswd: htpasswd-site1
542 username2:
543 enabled: true
544 password: magicunicorn
545
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +0300546Proxy buffering:
Ales Komarekd77b7972015-11-12 11:02:39 +0100547
548.. code-block:: yaml
549
550 nginx:
551 server:
552 enabled: true
553 bind:
554 address: '0.0.0.0'
555 ports:
556 - 80
557 site:
558 gitlab_proxy:
559 enabled: true
Niklaus Giger23096b22017-06-30 16:41:49 +0200560 type: nginx_proxy
Ales Komarekd77b7972015-11-12 11:02:39 +0100561 proxy:
Ondrej Smola5e177bc2017-12-07 12:55:23 +0100562 request_buffer: false
Ales Komarekd77b7972015-11-12 11:02:39 +0100563 buffer:
564 number: 8
565 size: 16
566 host:
567 name: gitlab.domain.com
568 port: 80
569
If large client request headers need to be read, add the
`large_client_header_buffers` parameter with the buffer count and size:

.. code-block:: yaml

573 nginx:
574 server:
575 enabled: true
576 bind:
577 address: '0.0.0.0'
578 ports:
579 - 80
580 site:
581 gitlab_proxy:
582 enabled: true
583 type: nginx_proxy
584 large_client_header_buffers: '4 8k'
585 host:
586 name: gitlab.domain.com
587 port: 80
588
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +0300589Let's Encrypt:
Michael Kutý3a5abf12015-12-04 21:03:33 +0100590
591.. code-block:: yaml
592
593 nginx:
594 server:
595 enabled: true
596 bind:
597 address: '0.0.0.0'
598 ports:
599 - 443
600 site:
601 gitlab_domain:
602 enabled: true
603 type: gitlab
604 name: domain
605 ssl:
606 enabled: true
607 engine: letsencrypt
608 host:
609 name: gitlab.domain.com
610 port: 443
611
Filip Pytloune0f75512016-11-03 14:34:26 +0100612SSL using already deployed key and cert file.
OlgaGusarenkoe2f808f2018-07-30 23:42:18 +0300613
614.. note:: The cert file should already contain CA cert and
615 complete chain.
Filip Pytloune0f75512016-11-03 14:34:26 +0100616
617.. code-block:: yaml
618
619 nginx:
620 server:
621 enabled: true
622 site:
623 mysite:
624 ssl:
625 enabled: true
626 key_file: /etc/ssl/private/mykey.key
627 cert_file: /etc/ssl/cert/mycert.crt
628
Denis Egorenkob8cb5432019-07-15 16:47:32 +0400629or
630
631.. code-block:: yaml
632
633 nginx:
634 server:
635 enabled: true
636 site:
637 mysite:
638 ssl:
639 enabled: true
640 engine: custom
641 key_file: /etc/ssl/private/mykey.key
642 cert_file: /etc/ssl/cert/mycert.crt
643
Advanced SSL configuration; more information about the SSL options
may be found at http://nginx.org/en/docs/http/ngx_http_ssl_module.html
646
.. note:: Prior to nginx 1.11.0, only one type of ECDH curve
   can be applied in the ``ssl_ecdh_curve`` directive.

   If mode is ``secure`` or ``normal`` and ``ciphers``
   or ``protocols`` are set, they must be of type ``string``.
   If mode is ``manual``, they must be of type ``dict``
   as shown below.

   The protocol, cipher and password values in the example below
   only illustrate the pillar syntax and are not a recommended
   security baseline.
Vasyl Saienkod3348f62018-02-09 20:08:01 +0200654
655.. code-block:: yaml
656
657 nginx:
658 server:
659 enabled: true
660 site:
661 mysite:
662 ssl:
663 enabled: true
664 mode: 'manual'
665 key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.key
666 cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.crt
667 chain_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-with-chain.crt
668 protocols:
669 TLS1:
670 name: 'TLSv1'
671 enabled: True
672 TLS1_1:
673 name: 'TLSv1.1'
674 enabled: True
675 TLS1_2:
676 name: 'TLSv1.2'
677 enabled: False
678 ciphers:
679 ECDHE_RSA_AES256_GCM_SHA384:
680 name: 'ECDHE-RSA-AES256-GCM-SHA384'
681 enabled: True
682 ECDHE_ECDSA_AES256_GCM_SHA384:
683 name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
684 enabled: True
685 buffer_size: '16k'
686 crl:
687 file: '/etc/ssl/crl.pem'
688 enabled: False
689 dhparam:
690 enabled: True
691 numbits: 2048
azvyagintsev4f4e7d42019-01-24 13:44:55 +0200692 use_dsaparam: True
Vasyl Saienkod3348f62018-02-09 20:08:01 +0200693 ecdh_curve:
694 secp384r1:
695 name: 'secp384r1'
696 enabled: False
697 secp521r1:
698 name: 'secp521r1'
699 enabled: True
700 password_file:
701 content: 'testcontent22'
702 enabled: True
703 file: '/etc/ssl/password.key'
704 prefer_server_ciphers: 'on'
705 ticket_key:
706 enabled: True
707 numbytes: 48
708 resolver:
709 address: '127.0.0.1'
710 valid_seconds: '500'
711 timeout_seconds: '60'
712 session_tickets: 'on'
713 stapling: 'off'
714 stapling_file: '/path/to/stapling/file'
715 stapling_responder: 'http://ocsp.example.com/'
716 stapling_verify: 'on'
717 verify_client: 'on'
718 client_certificate:
719 file: '/etc/ssl/client_cert.pem'
720 enabled: False
721 verify_depth: 1
722 session_cache: 'shared:SSL:15m'
723 session_timeout: '15m'
Adam Tengler5c64af62018-06-22 12:17:55 +0000724 strict_transport_security:
725 max_age: 16000000
726 include_subdomains: False
727 always: true
728 enabled: true
Vasyl Saienkod3348f62018-02-09 20:08:01 +0200729
Vasyl Saienkof5c57e22018-09-28 08:54:33 +0000730Setting custom proxy headers:
731
732.. code-block:: yaml
733
734 nginx:
735 server:
736 enabled: true
737 site:
738 custom_headers:
739 type: nginx_proxy
740 proxy_set_header:
741 Host:
742 enabled: true
743 value: "$host:8774"
744 X-Real-IP:
745 enabled: true
746 value: '$remote_addr'
747 X-Forwarded-For:
748 enabled: true
749 value: '$proxy_add_x_forwarded_for'
750 X-Forwarded-Proto:
751 enabled: true
752 value: '$scheme'
753 X-Forwarded-Port:
754 enabled: true
755 value: '$server_port'
756
Dzmitry Stremkouski13772462018-10-27 14:56:47 +0200757Define site catalog indexes:
758
759.. code-block:: yaml
760
761 nginx:
762 server:
763 enabled: true
764 site:
765 nginx_catalog:
766 enabled: true
767 type: nginx_static
768 name: server
769 indexes:
770 - index.htm
771 - index.html
772 host:
773 name: 127.0.0.1
774 port: 80
775
776Define site catalog autoindex:
777
778.. code-block:: yaml
779
780 nginx:
781 server:
782 enabled: true
783 site:
784 nginx_catalog:
785 enabled: true
786 type: nginx_static
787 name: server
788 autoindex: True
789 host:
790 name: 127.0.0.1
791 port: 80
792
793Nginx stats server (required by collectd nginx plugin) (DEPRECATED):
Adam Tenglerc3916572016-01-25 17:46:52 +0100794
Aleš Komárek296a8442017-04-11 13:22:35 +0200795.. code-block:: yaml
Adam Tenglerc3916572016-01-25 17:46:52 +0100796
797 nginx:
798 server:
799 enabled: true
800 site:
801 nginx_stats_server:
802 enabled: true
803 type: nginx_stats
804 name: server
805 host:
806 name: 127.0.0.1
807 port: 8888
808
Dzmitry Stremkouski13772462018-10-27 14:56:47 +0200809or:
810
811.. code-block:: yaml
812
813 nginx:
814 server:
815 enabled: true
816 site:
817 nginx_stats_server:
818 enabled: true
819 root: disabled
820 indexes: []
821 stats: True
822 type: nginx_static
823 name: stat_server
824 host:
825 name: 127.0.0.1
826 address: 127.0.0.1
827 port: 8888
828
Nginx configured to wait for one or more other services before
starting (currently only with systemd):
Adam Tengler86893942018-06-20 14:06:24 +0000831
832.. code-block:: yaml
833
834 nginx:
835 server:
836 wait_for_service:
837 - foo-bar.mount
838 enabled: true
839 site:
840 ...
841
Aleš Komárek296a8442017-04-11 13:22:35 +0200842More Information
843================
Filip Pytloun6b5bb652015-10-06 16:28:32 +0200844
845* http://wiki.nginx.org/Main
846* https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
847* http://nginx.com/resources/admin-guide/reverse-proxy/
848* https://mozilla.github.io/server-side-tls/ssl-config-generator/