## Version 2022/08/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/nginx.conf.sample ### Based on alpine defaults # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.15-stable user abc; # Set number of worker processes automatically based on number of CPU cores. include /config/nginx/worker_processes.conf; # Enables the use of JIT for regular expressions to speed-up their processing. pcre_jit on; # Configures default error logger. #error_log /config/log/nginx/error.log; # Includes files with directives to load dynamic modules. include /etc/nginx/modules/*.conf; # Include files with config snippets into the root context. include /etc/nginx/conf.d/*.conf; events { # The maximum number of simultaneous connections that can be opened by # a worker process. worker_connections 1024; } http { # Includes mapping of file name extensions to MIME types of responses # and defines the default type. include /etc/nginx/mime.types; default_type application/octet-stream; # Name servers used to resolve names of upstream servers into addresses. # It's also needed when using tcpsocket and udpsocket in Lua modules. #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; include /config/nginx/resolver.conf; # Don't tell nginx version to the clients. Default is 'on'. server_tokens off; # Specifies the maximum accepted body size of a client request, as # indicated by the request header Content-Length. If the stated content # length is greater than this size, then the client receives the HTTP # error code 413. Set to 0 to disable. Default is '1m'. client_max_body_size 0; # Sendfile copies data between one FD and other from within the kernel, # which is more efficient than read() + write(). Default is off. sendfile on; # Causes nginx to attempt to send its HTTP response head in one packet, # instead of using partial frames. Default is 'off'. tcp_nopush on; # all ssl related config moved to ssl.conf include /config/nginx/ssl.conf; # Enable gzipping of responses. #gzip on; # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. gzip_vary on; ## # Anonymize the IP Address ## map $remote_addr $remote_addr_anon { ~(?P\d+\.\d+)\.\d+\. $ip.0.0; ~(?P[^:]+:[^:]+): $ip::; # IP addresses to not anonymize (such as your server) 127.0.0.1 $remote_addr; ::1 $remote_addr; 89.147.110.112 $remote_addr; default 0.0.0.0; } # add $http_x_forwarded_for section if needed. ## # Tag the Access as Normal or Record IP (Specified Error codes) ## map $status $normal_access { 400 0; 401 0; 403 0; #404 0; 405 0; 406 0; 410 0; default 1; } map $status $record_full_ip { 400 1; 401 1; 403 1; #404 1; 405 1; 406 1; 410 1; default 0; } ## # Set the Logs ## log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_x_forwarded_for_anon"'; log_format real_ip '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; ## # Do the Actual Logging ( Can be set in Server section(s) ) ## # Anonymized IP Access Logs access_log /config/log/nginx/access.log anon_ip if=$normal_access; # Record real IP address on specified errors codes access_log /config/log/nginx/access.log real_ip if=$record_full_ip; # NGINX Error Logs error_log /config/log/nginx/error.log; # Helper variable for proxying websockets. map $http_upgrade $connection_upgrade { default upgrade; '' close; } # Sets the path, format, and configuration for a buffered log write. # access_log /config/log/nginx/access.log; # Includes virtual hosts configs. include /etc/nginx/http.d/*.conf; include /config/nginx/site-confs/*.conf; } daemon off; pid /run/nginx.pid;