aboutsummaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
Diffstat (limited to 'templates')
-rw-r--r--templates/nginx/acl9
-rw-r--r--templates/nginx/acme-challenge4
-rw-r--r--templates/nginx/nginx.conf41
3 files changed, 54 insertions, 0 deletions
diff --git a/templates/nginx/acl b/templates/nginx/acl
new file mode 100644
index 0000000..ad33e0a
--- /dev/null
+++ b/templates/nginx/acl
@@ -0,0 +1,9 @@
+# RFC 1918 addresses
+allow 172.16.0.0/12;
+allow 192.168.0.0/16;
+allow 10.0.0.0/8;
+
+{{nginx_acl_block}}
+
+deny all;
+
diff --git a/templates/nginx/acme-challenge b/templates/nginx/acme-challenge
new file mode 100644
index 0000000..934999f
--- /dev/null
+++ b/templates/nginx/acme-challenge
@@ -0,0 +1,4 @@
+ location /.well-known/acme-challenge {
+ # This works for acmetool. If using letsencrypt change 'alias' to 'root'
+ alias /var/lib/acme-challenge;
+ }
diff --git a/templates/nginx/nginx.conf b/templates/nginx/nginx.conf
new file mode 100644
index 0000000..3bf546f
--- /dev/null
+++ b/templates/nginx/nginx.conf
@@ -0,0 +1,41 @@
+worker_processes {{nginx_worker_processes}};
+
+events {
+ worker_connections {{nginx_worker_connections}};
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ gzip on;
+
+ server_tokens off;
+
+ server {
+ listen 80;
+ listen [::]:80;
+ server_name localhost;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+ }
+
+ include conf.d/*.conf;
+
+}
+
You can read more about the author.