diff --git a/README.md b/README.md index a17c9cb..3449417 100644 --- a/README.md +++ b/README.md @@ -330,6 +330,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **27.04.21:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, ssl.conf, proxy.conf, and the default site-conf - Rework nginx.conf to be inline with alpine upstream and relocate lines from other files. * **21.04.21:** - [Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method. * **12.04.21:** - Add php7-gmp and php7-pecl-mailparse. * **12.04.21:** - Add support for vultr dns validation. diff --git a/readme-vars.yml b/readme-vars.yml index 4566de8..ea57427 100755 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -151,6 +151,7 @@ app_setup_nginx_reverse_proxy_block: "" # changelog changelogs: + - { date: "27.04.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) nginx.conf, ssl.conf, proxy.conf, and the default site-conf - Rework nginx.conf to be inline with alpine upstream and relocate lines from other files." } - { date: "21.04.21:", desc: "[Existing users should update:](https://github.com/linuxserver/docker-swag/blob/master/README.md#updating-configs) authelia-server.conf and authelia-location.conf - Add remote name/email headers and pass http method." } - { date: "12.04.21:", desc: "Add php7-gmp and php7-pecl-mailparse." } - { date: "12.04.21:", desc: "Add support for vultr dns validation." } diff --git a/root/defaults/default b/root/defaults/default index 6d76de6..a40ca08 100644 --- a/root/defaults/default +++ b/root/defaults/default 
@@ -1,4 +1,4 @@ -## Version 2021/01/03 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/default +## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/default error_page 502 /502.html; @@ -151,5 +151,3 @@ server { # enable subdomain method reverse proxy confs include /config/nginx/proxy-confs/*.subdomain.conf; -# enable proxy cache for auth -proxy_cache_path cache/ keys_zone=auth_cache:10m; diff --git a/root/defaults/nginx.conf b/root/defaults/nginx.conf index a47a405..9497c0b 100644 --- a/root/defaults/nginx.conf +++ b/root/defaults/nginx.conf 
@@ -1,53 +1,97 @@ -## Version 2021/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf +## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx.conf user abc; -worker_processes 4; -pid /run/nginx.pid; + +# Set number of worker processes automatically based on number of CPU cores. +worker_processes auto; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Configures default error logger. +error_log /config/log/nginx/error.log warn; + +# Includes files with directives to load dynamic modules. include /etc/nginx/modules/*.conf; events { - worker_connections 768; + # The maximum number of simultaneous connections that can be opened by + # a worker process. + worker_connections 1024; # multi_accept on; } http { + # Includes mapping of file name extensions to MIME types of responses + # and defines the default type. + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Name servers used to resolve names of upstream servers into addresses. + # It's also needed when using tcpsocket and udpsocket in Lua modules. + resolver 127.0.0.11 valid=30s; # Docker DNS Server + + # Don't tell nginx version to the clients. Default is 'on'. + server_tokens off; + + # Specifies the maximum accepted body size of a client request, as + # indicated by the request header Content-Length. If the stated content + # length is greater than this size, then the client receives the HTTP + # error code 413. Set to 0 to disable. Default is '1m'. + client_max_body_size 0; + + # Sendfile copies data between one FD and other from within the kernel, + # which is more efficient than read() + write(). Default is off. + sendfile on; + + # Causes nginx to attempt to send its HTTP response head in one packet, + # instead of using partial frames. Default is 'off'. + tcp_nopush on; + + # Helper variable for proxying websockets. 
+ map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + # Specifies the main log format. + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + # Sets the path, format, and configuration for a buffered log write. + access_log /config/log/nginx/access.log main; + + # Includes virtual hosts configs. + include /etc/nginx/http.d/*.conf; + include /config/nginx/site-confs/*; + #Removed lua. Do not remove this comment + + # WARNING: Don't use this directory for virtual hosts anymore. + # This include will be moved to the root context in Alpine 3.14. + #include /etc/nginx/conf.d/*.conf; + ## # Basic Settings ## client_body_buffer_size 128k; - client_max_body_size 0; keepalive_timeout 65; large_client_header_buffers 4 16k; send_timeout 5m; - sendfile on; tcp_nodelay on; - tcp_nopush on; types_hash_max_size 2048; variables_hash_max_size 2048; - - # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # Logging Settings - ## - - access_log /config/log/nginx/access.log; - error_log /config/log/nginx/error.log; - ## # Gzip Settings ## gzip on; gzip_disable "msie6"; - # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; @@ -72,21 +116,6 @@ http { #passenger_root /usr; #passenger_ruby /usr/bin/ruby; - ## - # WebSocket proxying - ## - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - ## - # Virtual Host Configs - ## - include /etc/nginx/conf.d/*.conf; - include /config/nginx/site-confs/*; - #Removed lua. Do not remove this comment - ## # Geoip2 config ## @@ -96,6 +125,8 @@ http { #include /config/nginx/geoip2.conf; } +# TIP: Uncomment if you use stream module. +#include /etc/nginx/stream.conf; #mail { # # See sample authentication script at: 
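Review bot: The new `include /etc/nginx/http.d/*.conf;` in the http block loads distro-managed vhosts ahead of `/config/nginx/site-confs/*`, so a packaged default server left in that directory would answer requests alongside the user's default site-conf, or conflict with it. Whether the image removes such a file is not visible in this diff. If it does not, I would drop the include or add a comment above it such as `# Image-provided vhosts only; user sites belong in /config/nginx/site-confs.` Separately, the `main` log format ends with `"$http_x_forwarded_for"`, a client-supplied header, so a comment like `# X-Forwarded-For is untrusted; key bans and detections on $remote_addr` would help anyone parsing access.log. The http block continues past the end of this hunk.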
@@ -118,3 +149,4 @@ http { # } #} daemon off; +pid /run/nginx.pid; diff --git a/root/defaults/proxy.conf b/root/defaults/proxy.conf index d1a383c..921fad4 100644 --- a/root/defaults/proxy.conf +++ b/root/defaults/proxy.conf @@ -1,4 +1,4 @@ -## Version 2020/10/04 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf +## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/proxy.conf # Timeout if the real server is dead proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; @@ -15,6 +15,7 @@ proxy_send_timeout 240; # Proxy Cache and Cookie Settings proxy_cache_bypass $cookie_session; +proxy_cache_path cache/ keys_zone=auth_cache:10m; #proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps proxy_no_cache $cookie_session; diff --git a/root/defaults/ssl.conf b/root/defaults/ssl.conf index 654c512..d2747f1 100644 --- a/root/defaults/ssl.conf +++ b/root/defaults/ssl.conf @@ -1,4 +1,4 @@ -## Version 2020/10/29 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf +## Version 2021/04/27 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/ssl.conf ### Mozilla Recommendations # generated 2020-06-17, Mozilla Guideline v5.4, nginx 1.18.0-r0, OpenSSL 1.1.1g-r0, intermediate configuration @@ -29,9 +29,6 @@ ssl_trusted_certificate /config/keys/letsencrypt/fullchain.pem; # Diffie-Hellman Parameters ssl_dhparam /config/nginx/dhparams.pem; -# Resolver -resolver 127.0.0.11 valid=30s; # Docker DNS Server - # Enable TLS 1.3 early data ssl_early_data on;
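Review bot: `proxy_cache_path` is only valid in the `http` context, yet the line added to proxy.conf after `proxy_cache_bypass $cookie_session;` puts it in a file that otherwise holds per-location proxy settings (timeouts, cache bypass, cookie path). If proxy.conf is included from `server` or `location` blocks, `nginx -t` will reject the configuration; the include sites are not part of this diff. Including it more than once at http level would also redeclare the `auth_cache` zone. I would keep `proxy_cache_path cache/ keys_zone=auth_cache:10m;` in the http block of nginx.conf instead. A comment there should note that `cache/` is a relative path, so the cache location depends on the nginx prefix.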