hackliberty-conf/swag/nginx/nginx.conf

## Version 2022/08/16 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/nginx.conf.sample

### Based on alpine defaults
# https://git.alpinelinux.org/aports/tree/main/nginx/nginx.conf?h=3.15-stable

user abc;

# Set number of worker processes automatically based on number of CPU cores.
include /config/nginx/worker_processes.conf;

# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;

# Configures default error logger.
#error_log /config/log/nginx/error.log;

# Includes files with directives to load dynamic modules.
include /etc/nginx/modules/*.conf;

# Include files with config snippets into the root context.
include /etc/nginx/conf.d/*.conf;

events {
    # The maximum number of simultaneous connections that can be opened by
    # a worker process.
    worker_connections 1024;
}

http {
    # Includes mapping of file name extensions to MIME types of responses
    # and defines the default type.
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Name servers used to resolve names of upstream servers into addresses.
    # It's also needed when using tcpsocket and udpsocket in Lua modules.
    #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
    include /config/nginx/resolver.conf;

    # Don't tell nginx version to the clients. Default is 'on'.
    server_tokens off;

    # Specifies the maximum accepted body size of a client request, as
    # indicated by the request header Content-Length. If the stated content
    # length is greater than this size, then the client receives the HTTP
    # error code 413. Set to 0 to disable. Default is '1m'.
    client_max_body_size 0;

    # Sendfile copies data between one FD and other from within the kernel,
    # which is more efficient than read() + write(). Default is off.
    sendfile on;

    # Causes nginx to attempt to send its HTTP response head in one packet,
    # instead of using partial frames. Default is 'off'.
    tcp_nopush on;

    # all ssl related config moved to ssl.conf
    include /config/nginx/ssl.conf;

    # Enable gzipping of responses.
    #gzip on;

    # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'.
    gzip_vary on;

    ##
    # Anonymize the IP Address
    ##

    map $remote_addr $remote_addr_anon {
            ~(?P<ip>\d+\.\d+)\.\d+\.    $ip.0.0;
            ~(?P<ip>[^:]+:[^:]+):       $ip::;

            # IP addresses to not anonymize (such as your server)
            127.0.0.1                   $remote_addr;
            ::1                         $remote_addr;
            89.147.110.112              $remote_addr;
            default                     0.0.0.0;
    }
    # add $http_x_forwarded_for section if needed.

    ##
    # Tag the Access as Normal or Record IP (Specified Error codes)
    ##

    map $status $normal_access {
            400      0;
            401      0;
            403      0;
            #404      0;
            405      0;
            406      0;
            410      0;
            default  1;
    }

    map $status $record_full_ip {
            400      1;
            401      1;
            403      1;
            #404      1;
            405      1;
            406      1;
            410      1;
            default  0;
    }

    ##
    # Set the Logs
     ##

    log_format  anon_ip  '$remote_addr_anon - $remote_user [$time_local] "$request" '
                         '$status $body_bytes_sent "$http_referer" '
                         '"$http_x_forwarded_for_anon"';

    log_format  real_ip  '$remote_addr - $remote_user [$time_local] "$request" '
                         '$status $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for"';

    ##
    # Do the Actual Logging ( Can be set in Server section(s) )
    ##

    # Anonymized IP Access Logs
    access_log /config/log/nginx/access.log  anon_ip if=$normal_access;

    # Record real IP address on specified errors codes
    access_log /config/log/nginx/access.log  real_ip if=$record_full_ip;

	# NGINX Error Logs
	error_log /config/log/nginx/error.log;
    
    # Helper variable for proxying websockets.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    # Sets the path, format, and configuration for a buffered log write.
#    access_log /config/log/nginx/access.log;

    # Includes virtual hosts configs.
    include /etc/nginx/http.d/*.conf;
    include /config/nginx/site-confs/*.conf;
}

daemon off;
pid /run/nginx.pid;