From 6d19a82a722f761293a578fbb5baa1741d6edaf0 Mon Sep 17 00:00:00 2001
From: Mitch Riedstra <mitch@riedstra.us>
Date: Sat, 23 Feb 2019 22:38:41 -0500
Subject: Import

---
 templates/nginx/acl            |  9 +++++++++
 templates/nginx/acme-challenge |  4 ++++
 templates/nginx/nginx.conf     | 41 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 templates/nginx/acl
 create mode 100644 templates/nginx/acme-challenge
 create mode 100644 templates/nginx/nginx.conf

(limited to 'templates')

diff --git a/templates/nginx/acl b/templates/nginx/acl
new file mode 100644
index 0000000..ad33e0a
--- /dev/null
+++ b/templates/nginx/acl
@@ -0,0 +1,9 @@
+# RFC 1918 addresses
+allow 172.16.0.0/12;
+allow 192.168.0.0/16;
+allow 10.0.0.0/8;
+
+{{nginx_acl_block}}
+
+deny all;
+
diff --git a/templates/nginx/acme-challenge b/templates/nginx/acme-challenge
new file mode 100644
index 0000000..934999f
--- /dev/null
+++ b/templates/nginx/acme-challenge
@@ -0,0 +1,4 @@
+	location /.well-known/acme-challenge {
+		# This works for acmetool. If using letsencrypt change 'alias' to 'root'
+		alias /var/lib/acme-challenge;
+	}
diff --git a/templates/nginx/nginx.conf b/templates/nginx/nginx.conf
new file mode 100644
index 0000000..3bf546f
--- /dev/null
+++ b/templates/nginx/nginx.conf
@@ -0,0 +1,41 @@
+worker_processes  {{nginx_worker_processes}};
+
+events {
+	worker_connections  {{nginx_worker_connections}};
+}
+
+
+http {
+	include	   mime.types;
+	default_type  application/octet-stream;
+
+	sendfile		on;
+	#tcp_nopush	 on;
+
+	#keepalive_timeout  0;
+	keepalive_timeout  65;
+
+	gzip  on;
+
+	server_tokens off;
+
+	server {
+		listen	   80;
+		listen	   [::]:80;
+		server_name  localhost;
+
+		location / {
+			root   /usr/share/nginx/html;
+			index  index.html index.htm;
+		}
+
+		error_page   500 502 503 504  /50x.html;
+		location = /50x.html {
+			root   /usr/share/nginx/html;
+		}
+	}
+
+	include conf.d/*.conf;
+
+}
+
-- 
cgit v1.2.3