Rework nginx.conf to be inline with alpine upstream and relocate lines from other files

README.md

@@ -330,6 +330,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **27.04.21:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, ssl.conf, proxy.conf, and the default site-conf - Rework nginx.conf to be inline with alpine upstream and relocate lines from other files.
 * **21.04.21:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method.
 * **12.04.21:** - Add php7-gmp and php7-pecl-mailparse.
 * **12.04.21:** - Add support for vultr dns validation.

readme-vars.yml

@@ -151,6 +151,7 @@ app_setup_nginx_reverse_proxy_block: ""
 
 # changelog
 changelogs:
+  - { date: "27.04.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, ssl.conf, proxy.conf, and the default site-conf - Rework nginx.conf to be inline with alpine upstream and relocate lines from other files." }
   - { date: "21.04.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method." }
   - { date: "12.04.21:", desc: "Add php7-gmp and php7-pecl-mailparse." }
   - { date: "12.04.21:", desc: "Add support for vultr dns validation." }

root/defaults/default

@@ -1,4 +1,4 @@
-## Version 2021/01/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/default
+## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/default
 
 error_page 502 /502.html;
 
@@ -151,5 +151,3 @@ server {
 
 # enable subdomain method reverse proxy confs
 include /config/nginx/proxy-confs/*.subdomain.conf;
-# enable proxy cache for auth
-proxy_cache_path cache/ keys_zone=auth_cache:10m;

root/defaults/nginx.conf

@@ -1,53 +1,97 @@
-## Version 2021/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
+## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf
 
 user abc;
-worker_processes 4;
-pid /run/nginx.pid;
+
+# Set number of worker processes automatically based on number of CPU cores.
+worker_processes auto;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /config/log/nginx/error.log warn;
+
+# Includes files with directives to load dynamic modules.
 include /etc/nginx/modules/*.conf;
 
 events {
-	worker_connections 768;
+	# The maximum number of simultaneous connections that can be opened by
+	# a worker process.
+	worker_connections 1024;
 	# multi_accept on;
 }
 
 http {
+	# Includes mapping of file name extensions to MIME types of responses
+	# and defines the default type.
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	# Name servers used to resolve names of upstream servers into addresses.
+	# It's also needed when using tcpsocket and udpsocket in Lua modules.
+	resolver 127.0.0.11 valid=30s; # Docker DNS Server
+
+	# Don't tell nginx version to the clients. Default is 'on'.
+	server_tokens off;
+
+	# Specifies the maximum accepted body size of a client request, as
+	# indicated by the request header Content-Length. If the stated content
+	# length is greater than this size, then the client receives the HTTP
+	# error code 413. Set to 0 to disable. Default is '1m'.
+	client_max_body_size 0;
+
+	# Sendfile copies data between one FD and other from within the kernel,
+	# which is more efficient than read() + write(). Default is off.
+	sendfile on;
+
+	# Causes nginx to attempt to send its HTTP response head in one packet,
+	# instead of using partial frames. Default is 'off'.
+	tcp_nopush on;
+
+	# Helper variable for proxying websockets.
+	map $http_upgrade $connection_upgrade {
+		default upgrade;
+		'' close;
+	}
+
+	# Specifies the main log format.
+	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+			'$status $body_bytes_sent "$http_referer" '
+			'"$http_user_agent" "$http_x_forwarded_for"';
+
+	# Sets the path, format, and configuration for a buffered log write.
+	access_log /config/log/nginx/access.log main;
+
+	# Includes virtual hosts configs.
+	include /etc/nginx/http.d/*.conf;
+	include /config/nginx/site-confs/*;
+	#Removed lua. Do not remove this comment
+
+	# WARNING: Don't use this directory for virtual hosts anymore.
+	# This include will be moved to the root context in Alpine 3.14.
+	#include /etc/nginx/conf.d/*.conf;
+
 
 	##
 	# Basic Settings
 	##
 
 	client_body_buffer_size 128k;
-	client_max_body_size 0;
 	keepalive_timeout 65;
 	large_client_header_buffers 4 16k;
 	send_timeout 5m;
-	sendfile on;
 	tcp_nodelay on;
-	tcp_nopush on;
 	types_hash_max_size 2048;
 	variables_hash_max_size 2048;
-
-	# server_tokens off;
 	# server_names_hash_bucket_size 64;
 	# server_name_in_redirect off;
 
-	include /etc/nginx/mime.types;
-	default_type application/octet-stream;
-
-	##
-	# Logging Settings
-	##
-
-	access_log /config/log/nginx/access.log;
-	error_log /config/log/nginx/error.log;
-
 	##
 	# Gzip Settings
 	##
 
 	gzip on;
 	gzip_disable "msie6";
-
 	# gzip_vary on;
 	# gzip_proxied any;
 	# gzip_comp_level 6;
@@ -72,21 +116,6 @@ http {
 	#passenger_root /usr;
 	#passenger_ruby /usr/bin/ruby;
 
-	##
-	# WebSocket proxying
-	##
-	map $http_upgrade $connection_upgrade {
-		default upgrade;
-		''      close;
-	}
-
-	##
-	# Virtual Host Configs
-	##
-	include /etc/nginx/conf.d/*.conf;
-	include /config/nginx/site-confs/*;
-	#Removed lua. Do not remove this comment
-
 	##
 	# Geoip2 config
 	##
@@ -96,6 +125,8 @@ http {
 	#include /config/nginx/geoip2.conf;
 }
 
+# TIP: Uncomment if you use stream module.
+#include /etc/nginx/stream.conf;
 
 #mail {
 #	# See sample authentication script at:
@@ -118,3 +149,4 @@ http {
 #	}
 #}
 daemon off;
+pid /run/nginx.pid;

root/defaults/proxy.conf

@@ -1,4 +1,4 @@
-## Version 2020/10/04 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf
+## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf
 
 # Timeout if the real server is dead
 proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
@@ -15,6 +15,7 @@ proxy_send_timeout 240;
 
 # Proxy Cache and Cookie Settings
 proxy_cache_bypass $cookie_session;
+proxy_cache_path cache/ keys_zone=auth_cache:10m;
 #proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
 proxy_no_cache $cookie_session;
 

root/defaults/ssl.conf

@@ -1,4 +1,4 @@
-## Version 2020/10/29 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf
+## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf
 
 ### Mozilla Recommendations
 # generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration
@@ -29,9 +29,6 @@ ssl_trusted_certificate /config/keys/letsencrypt/fullchain.pem;
 # Diffie-Hellman Parameters
 ssl_dhparam /config/nginx/dhparams.pem;
 
-# Resolver
-resolver 127.0.0.11 valid=30s; # Docker DNS Server
-
 # Enable TLS 1.3 early data
 ssl_early_data on;